Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Seltsame Artefakte & PUP.Optional.Babylon.A (https://www.trojaner-board.de/166898-seltsame-artefakte-pup-optional-babylon-a.html)

hans_t 13.05.2015 22:17
Seltsame Artefakte & PUP.Optional.Babylon.A
 
Liste der Anhänge anzeigen (Anzahl: 5)
Hallo liebe Experten,
wenn ich mit dem PC online bin, tauchen am Bildschirm seltsame Artefakte auf (siehe Anhang). Bisher konne ich diese aber nur beobachten, wenn facebook geöffnet ist.

Anti-Malware findet: PUP.Optional.Babylon.A
Nach entfernen, neustart, wird alles erneut wieder gefunden.

Derweilen stelle ich (noch) keine Probleme am PC fest ....

Bitte um Hilfe bezüglich der Artefakte und PUP.Optional.Babylon.A.

Vielen Dank!

M-K-D-B 13.05.2015 22:33
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Logdatei von MBAM bitte posten! Tritt das Problem in jedem Browser auf?


Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


hans_t 14.05.2015 00:56
Logdatei von MBAM
 
Vielen Dank, konnte die Artefakte sowohl im Fierfox als auch Internet Explorer sehen.
Hier die Logdatei von MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.05.2015
Suchlauf-Zeit: 01:38:51
Logdatei:
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.13.06
Rootkit Datenbank: v2015.04.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: xx-name-xx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 351035
Verstrichene Zeit: 12 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 21
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babclient");), ,[9595a0f397f3d75f828f1f3d4abcd729]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make c), ,[76b498fb62286dc998798bd1dc2a9b65]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make changes), ,[1119573c107a77bff31e114b14f216ea]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (* Do not edit this file.
 *
 * If you make changes to t), ,[0624d5beb6d48bab55bc6cf056b018e8]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ch), ,[0129d0c399f144f2ff12273501058e72]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make changes to), ,[5ad0d3c03f4b81b539d8a2ba94720df3]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (* Do not edit this file.
 *
 * If you make changes to this), ,[b476eba8cbbf1620e32e6cf01ee8d828]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make changes), ,[19117c171e6c1b1b0e03ef6d9e688c74]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make), ,[2307c0d3b5d551e5d23f5dffbd4957a9]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you mak), ,[bb6f7320c0ca15214cc5c4980600e719]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make changes to th), ,[ee3c375c9eec989efe13d18b7195b54b]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), ,[e644ccc7088233036d4598c3a95d857b]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (sions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensio), ,[55d5cbc8117957df852d9ebdf115bf41]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensi), ,[9b8fbad9f3979b9b9022fd5e6c9adc24]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (nsions.BabylonToolbar_i.prtnrId", "babylon");
user_pref(), ,[e446fd961179b185139f0853ec1a619f]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (tensions.BabylonToolbar_i.prtnrId", "babylon");
user_pr), ,[7ab00291cbbf63d38e249ebd798d2ad6]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (xtensions.BabylonToolbar_i.prtnrId", "babylon");
user_), ,[bf6be0b3ff8b85b1c6ece77405019967]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("ext), ,[63c7f79c503a2214981a253673934db3]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (.BabylonToolbar_i.prtnrId", "babylon");
user_pref("), ,[5ad03a59ec9e72c4436f95c67b8be31d]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (f("extensions.BabylonToolbar_i.prtnrId", "babylon");), ,[76b4840fe2a8a591951ddf7cab5baa56]
PUP.Optional.Babylon.A, C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js, Gut: (), Schlecht: (f("extensions.BabylonToolbar_i.prtnrId", "babylon");
use), ,[a6845241543669cd0da51348db2b49b7]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2015 01
Ran by xx-name-xx (administrator) on DELLXPS_8300 on 14-05-2015 01:46:09
Running from C:\Users\xx-name-xx\Desktop
Loaded Profiles: xx-name-xx &  (Available profiles: xx-name-xx)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Dashboard\Dashboard.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [ACDSeeCommanderUltimate8] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2061832 2015-02-04] ()
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: {7016cca5-fb07-11e0-a09c-fe958973f057} - E:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ACDSeeCommanderUltimate8] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2061832 2015-02-04] ()
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7016cca5-fb07-11e0-a09c-fe958973f057} - E:\Autorun.exe
Startup: C:\Users\xx-name-xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A1 Dashboard.lnk [2011-10-21]
ShortcutTarget: A1 Dashboard.lnk -> C:\Program Files (x86)\A1 Dashboard\Dashboard.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
Startup: C:\Users\xx-name-xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
Handler-x32: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL [2001-08-09] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{CF5CE2F1-ADE3-407B-AC29-84197F93E969}: [NameServer] 194.48.128.199 194.48.139.254

FireFox:
========
FF ProfilePath: C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\xx-name-xx\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js [2015-05-13]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2002-01-09] (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-16] (Apple Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-04-01] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 01:46 - 2015-05-14 01:46 - 00016725 _____ () C:\Users\xx-name-xx\Desktop\FRST.txt
2015-05-13 23:50 - 2015-05-14 01:19 - 00000000 ___RD () C:\Users\xx-name-xx\Dropbox
2015-05-13 23:39 - 2015-05-14 01:46 - 00000000 ____D () C:\FRST
2015-05-13 23:38 - 2015-05-13 23:38 - 02104832 _____ (Farbar) C:\Users\xx-name-xx\Desktop\FRST64.exe
2015-05-13 23:29 - 2015-05-13 23:44 - 00000000 ____D () C:\Users\xx-name-xx\AppData\Roaming\Nico Mak Computing
2015-05-13 23:04 - 2015-05-13 23:06 - 00000000 ____D () C:\Users\xx-name-xx\Desktop\artefakte
2015-05-11 17:00 - 2015-05-11 20:32 - 00000074 _____ () C:\Windows\nepal_01.INI
2015-05-04 12:46 - 2015-05-14 00:02 - 00000000 ____D () C:\Users\xx-name-xx\Desktop\nepal benefiz
2015-05-02 01:48 - 2015-05-02 04:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 23:51 - 2015-05-14 00:25 - 00001014 _____ () C:\Windows\PFRO.log
2015-04-14 16:10 - 2015-04-14 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 01:20 - 2012-04-27 20:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 01:19 - 2014-06-11 13:33 - 00000000 ____D () C:\Users\xx-name-xx\AppData\Roaming\Dropbox
2015-05-14 01:18 - 2014-06-11 13:36 - 00001002 _____ () C:\Users\xx-name-xx\Desktop\Dropbox.lnk
2015-05-14 01:18 - 2014-06-11 13:35 - 00000000 ____D () C:\Users\xx-name-xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-14 01:08 - 2011-10-20 12:19 - 01131197 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 00:33 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 00:33 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 00:31 - 2011-10-20 22:13 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 00:31 - 2011-10-20 22:13 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 00:31 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 00:29 - 2014-12-03 17:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 00:26 - 2015-03-24 12:07 - 00006025 _____ () C:\Windows\setupact.log
2015-05-14 00:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 23:50 - 2011-10-20 12:30 - 00000000 ____D () C:\Users\xx-name-xx
2015-05-13 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-13 21:41 - 2014-12-03 17:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-12 20:38 - 2015-03-19 12:40 - 00000000 ____D () C:\Users\xx-name-xx\Desktop\neue medien
2015-05-11 14:06 - 2015-03-29 04:51 - 00000000 ____D () C:\Users\xx-name-xx\AppData\Local\ACD Systems
2015-05-03 23:18 - 2015-03-29 04:53 - 00000000 ____D () C:\Users\xx-name-xx\AppData\Local\Adobe
2015-05-02 04:08 - 2011-10-20 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-02 04:06 - 2012-04-01 21:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-02 04:06 - 2011-10-20 17:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-14 16:18 - 2015-01-27 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2015-04-14 09:37 - 2014-12-03 17:42 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-12-03 17:42 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-12-03 17:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-07-26 18:23 - 2014-07-26 18:23 - 0000003 _____ () C:\Users\xx-name-xx\AppData\Roaming\CheckWinVer.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0099384 _____ () C:\Users\xx-name-xx\AppData\Roaming\inst.exe
2012-12-29 01:11 - 2012-12-29 01:11 - 0007859 _____ () C:\Users\xx-name-xx\AppData\Roaming\pcouffin.cat
2012-12-29 01:11 - 2012-12-29 01:11 - 0001167 _____ () C:\Users\xx-name-xx\AppData\Roaming\pcouffin.inf
2012-12-29 01:12 - 2012-12-29 01:12 - 0000034 _____ () C:\Users\xx-name-xx\AppData\Roaming\pcouffin.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0082816 _____ (VSO Software) C:\Users\xx-name-xx\AppData\Roaming\pcouffin.sys
2011-10-21 03:42 - 2013-04-02 01:54 - 0073728 _____ () C:\Users\xx-name-xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-21 03:05 - 2014-08-07 19:21 - 0007672 _____ () C:\Users\xx-name-xx\AppData\Local\Resmon.ResmonCfg
2014-12-23 21:44 - 2014-12-23 21:44 - 2529622 _____ () C:\Users\xx-name-xx\AppData\Local\[j0014]-[p22].bmp
2014-12-23 21:55 - 2014-12-23 21:56 - 2529622 _____ () C:\Users\xx-name-xx\AppData\Local\[j0015]-[p22].bmp
2014-12-23 22:06 - 2014-12-23 22:06 - 2529622 _____ () C:\Users\xx-name-xx\AppData\Local\[j0016]-[p68].bmp
2015-02-17 17:33 - 2015-02-17 17:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-10-20 22:28 - 2015-02-17 13:21 - 0010102 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\xx-name-xx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppmkz5n.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 19:38

==================== End Of Log ============================
--- --- ---

--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2015 01
Ran by xx-name-xx at 2015-05-14 01:46:54
Running from C:\Users\xx-name-xx\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3213465492-3622994428-3788502651-500 - Administrator - Disabled)
Gast (S-1-5-21-3213465492-3622994428-3788502651-501 - Limited - Disabled)
xx-name-xx (S-1-5-21-3213465492-3622994428-3788502651-1000 - Administrator - Enabled) => C:\Users\xx-name-xx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
A1 Dashboard (HKLM-x32\...\A1 Dashboard) (Version: 1.15.1.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.15.1.0 - A1 Telekom Austria AG) Hidden
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
ACDSee Ultimate 8 (64-bit) (HKLM\...\{DFD09008-75B2-49AB-A1D1-AEE552B3FD11}) (Version: 8.1.1.386 - ACD Systems International Inc.)
ACDSee Video Converter Pro 4.1 (HKLM-x32\...\ACDSee_acdVCPro) (Version: 4.1.0.166 - ACD Systems International Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Alpenvereinskarten digital (HKLM-x32\...\Alpenvereinskarten digital) (Version:  - )
AMap Fly 5.0 (HKLM-x32\...\{D5647409-6423-426C-AA3A-D0F703A52677}) (Version: 6.6.0.0000 - EADS Deutschland GmbH)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{74000F25-9A0A-B837-215D-7DFCD5641514}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
AV Stumpfl Wings (HKLM-x32\...\AV Stumpfl Wings (V 5.9.0)) (Version: 5.9.0 - AV Stumpfl)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version:  - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video ReMaker 4.0.8.140 (HKLM-x32\...\AVS Video ReMaker_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.2.4.1 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0930.2237.38732 - Ihr Firmenname) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Freizeitkarte_AUT+ (Ausgabe 14.03) (HKLM-x32\...\Freizeitkarte_AUT+) (Version:  - )
Freizeitkarte_TUR (Ausgabe 14.06) (HKLM-x32\...\Freizeitkarte_TUR) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{BC8E822D-0C54-4426-B7D3-876CFC47EFEC}) (Version: 4.4.4 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Geogrid®-Viewer (x32 Version: 6.6.0.0000 - EADS Deutschland GmbH) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{5C519C69-AC39-40D0-9FF3-1F3FEE4640B2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LMSOFT Web Creator Pro 6 (HKLM-x32\...\Web Creator Pro 6) (Version:  - )
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta Professional 2003 (HKLM-x32\...\{034400C0-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
ODBC (HKLM-x32\...\ODBC) (Version:  - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
SmartSerialMail V5.1.3 (HKLM-x32\...\SmartSerialMail_is1) (Version: 5.1.3 - JAM Software)
svBuilder (HKLM-x32\...\svBuilder) (Version: 2.3.2 - SimpleViewer Inc)
svBuilder (x32 Version: 2.3.2 - SimpleViewer Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1A606537-90A1-CECB-F525-BDE6F3731FFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{2D29EC40-E3D8-256C-EAFD-9CBA3425B4DE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{1A606537-90A1-CECB-F525-BDE6F3731FFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{2D29EC40-E3D8-256C-EAFD-9CBA3425B4DE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-05-2015 19:16:49 Windows Update
06-05-2015 12:30:10 Windows Update
10-05-2015 00:08:37 Windows Update
13-05-2015 21:38:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-23 21:50 - 00000194 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B050B0-9891-4AC4-88F9-808B14019C33} - System32\Tasks\{D07E0C21-D1C5-431A-B3C9-F58A0BC9E625} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {11E2C7E6-02CD-4B85-AD29-8EBB660E3679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {130EDC82-D009-434F-8AF3-8702AD2BD7F0} - System32\Tasks\{1FEA43D4-DD32-4112-B9EF-C89847CF4787} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {18854815-8855-44EA-BD0F-CF2E97E2E7BB} - System32\Tasks\{C2AD4FF3-E4DD-4B5D-9871-3F1E41B23AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1A9527C9-E4AD-4DAE-9ED4-AD68F32DADC9} - System32\Tasks\{25C374D8-51D2-43E3-880D-3A07DE8FE227} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {1ADADDF6-24B8-4D31-AF9E-E8390FD6C951} - System32\Tasks\{0C65CA45-4E98-41BB-8C4D-B485FF1327D8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1CB814C8-EA46-42A2-8851-17388E5B5E23} - System32\Tasks\{3987C4C2-BB85-478D-B7B4-5AD02152F3F4} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {22E2C234-F23F-4A36-BDCD-18CCBFF35A3B} - System32\Tasks\{483BF32D-19AC-44F1-8881-B4F3D27D225A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {279A21EA-BCEE-4F5D-90B8-BABCB0BC859A} - System32\Tasks\{38496090-C565-42B3-97D0-A628DC006B82} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {27E11982-49A5-4D05-8F5F-7968D22FE9C0} - System32\Tasks\{E59FCAA9-6A10-48DD-BCBD-08336921E449} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {28B19B62-D270-4B86-8076-47B68F874D7C} - System32\Tasks\{DF945111-70CA-469B-A348-4CE9861E4E50} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {2E3B053A-64CA-4770-8EF9-3D7A0E24EE7B} - System32\Tasks\{50C68E2D-62AD-4929-9AA9-20256918F156} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {2F789BE8-B0E0-4B47-B95E-28CED0269CDF} - System32\Tasks\{F5CB5B8D-646B-46FA-9222-ABB9A3C7FC1F} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {313645A3-CADF-4491-86AF-9E82E3A5D736} - System32\Tasks\{A7B27D28-AB55-450A-AF53-87685E764915} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {33A53B10-7D93-4C0B-A459-51EDD7509B99} - System32\Tasks\{8F2175A3-39ED-412C-B6B5-E21FAABF6B74} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {36E09EC4-F04C-4E81-B25B-A09E8BC72142} - System32\Tasks\{554AEC8D-2C04-4BB4-A67A-9C1F5BE2D62B} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {37223614-0D31-4AB9-91A8-CFEF2FD69D91} - System32\Tasks\{7B3EF58C-8B65-4F43-9E97-0C1473F0E40F} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {3B199697-E8EC-4A98-A79D-09FE95EEED04} - System32\Tasks\hpUrlLauncher.exe_{A558F23D-DFFF-402A-AC04-4969ADA7A967} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22] (Hewlett-Packard Development Company, LP)
Task: {3B9FFA7C-BAFD-40E3-828F-4E16B6F59AB2} - System32\Tasks\{86B3287C-1F20-43FE-B0BB-939A6725BB97} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {4519F539-22D5-4AAD-B22F-3EEE3C3BE316} - System32\Tasks\{F58136A8-2DF5-4AF5-960F-F600538820C3} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {45F2AC92-99B1-4B95-9B11-0E5DC107B207} - System32\Tasks\{3C85C242-DA6A-43C1-8887-F5A8E1F2257C} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {45F7CD71-1FF6-4E51-8F7B-6AC714FD6652} - System32\Tasks\{4724A133-FBDC-47B2-976E-2FF7F49383DC} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {5164CFA8-A946-4905-A424-E66EB307E913} - System32\Tasks\{51843A71-A9CB-4FEE-8833-950C1A16ED52} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {517732E8-E166-4F26-ACC4-CB396F2040B8} - System32\Tasks\{F5539E37-1A06-4B82-B9B2-10A65AD04EA8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {539A6204-CA1C-4A53-BF7C-8036E621DC33} - System32\Tasks\{B555425E-9C5E-48B0-AC96-DD9463807AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {53B3239E-A146-4614-BC3F-C986B9E747AE} - System32\Tasks\{8167160D-7A31-486E-A36C-762166D7F30D} => pcalua.exe -a "K:\tray backup.exe" -d K:\
Task: {5A0BDCA0-1E22-47CA-9CE6-007A9E49C380} - System32\Tasks\{4A686B65-891D-4EFE-84BC-41DBC41195D0} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {634E3A81-0AD7-4929-910F-67A87C72599B} - System32\Tasks\{0BA9B6CB-A377-4802-A89B-A3FB75BD6DBA} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {6D0F9806-7B46-4DD2-80BA-7EA8837A9BCD} - System32\Tasks\{3E5165E2-4BC9-459F-B932-D13C9FCA1C63} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {6E9B0248-0D67-4579-A491-F95A55D96ACF} - System32\Tasks\{CD21EC92-0374-45AF-BF92-9F19AFBC43EB} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {70198EC3-6054-42F4-B5DE-47D254BE30C2} - System32\Tasks\{73898398-0F49-459D-97CB-CD9DFEB7377A} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {75A0A118-AE81-4500-80ED-DC454D6F994D} - System32\Tasks\{AA988495-8EE2-47D0-B4D5-52FB90F2C77B} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {7FCCD65B-DEAE-4AE5-ADD9-7E6FC0B2FAE0} - System32\Tasks\{32416E6A-A660-4782-9AF2-C5FDBEC81468} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {817D84F5-787B-4731-A27C-F912AFE45012} - System32\Tasks\{BDA33A93-8B77-48AD-91DB-9C24BE586570} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {861CC9B7-4547-4528-BA5D-744E4071BE1B} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {963FD547-9465-45BD-BACB-E8AD19941B07} - System32\Tasks\{1493D980-8E5B-4519-9043-57BC225C1086} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {98735C27-3CE5-4D32-8AC2-75E5D24D57AD} - System32\Tasks\{23EDC648-ED8D-4B05-A331-292C118D6086} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {9E73144E-2A24-4493-AE1F-D2529EF66566} - System32\Tasks\{E56BC32D-65B6-4827-AF2B-2B39448F5D4A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AABEF030-1A06-4782-82F2-300AC94F548D} - System32\Tasks\{228347CE-8583-4153-AD48-620BDB2D66D5} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {AB6A4D83-97B1-4273-B236-5C3E20EE5DB2} - System32\Tasks\{1172F15B-DDE5-4E45-84E4-1CD7BB24F259} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {ACFFEFE8-419F-47BA-A6D8-A240CE0C6187} - System32\Tasks\{1A3377AE-1094-42B5-B72C-E0985785933B} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AF2C240E-995A-481F-9B64-6163841CC745} - System32\Tasks\{B2F8CBF8-5B51-4F71-83A6-AEAF8910D9E6} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B028A77C-5EE3-4874-87AE-C568EF32E0E4} - System32\Tasks\{B306D38A-4B98-4A67-A155-6A8FA07C3ED0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {B251BD8F-9BA8-49DB-BB76-BCE70C9A5A4F} - System32\Tasks\{4868EAC3-E0C9-4267-BE34-1BE206397DD0} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B7F24BA5-155B-4360-BAA6-361241ACE069} - System32\Tasks\{F0A209F7-2C0E-485A-BAD4-A729ADDE2B24} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B91FFCDB-E6CE-411E-9812-BD16D04B009F} - System32\Tasks\{7196370E-77F5-4FB8-B633-2DE26324FB56} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {C22EC2F4-5051-4C88-86B0-C5E782860CA1} - System32\Tasks\{BF4587D2-730D-4626-ACDE-7D8372FAB1AD} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {CAD81C9D-E42C-4358-9CD6-C5DF69C1EC54} - System32\Tasks\{666CA076-2F51-41C5-8DAD-0D246B972A05} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {D3227F87-9F35-4019-81FC-C1F20C7262B1} - System32\Tasks\{2FBD8F12-6BC4-4DE1-8B99-AE2E21ED3FF0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {D3FED5A5-BE92-4A9C-893B-82EE451F3BE5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D6AF886E-A8BE-4672-BFE5-4B31A8763F40} - System32\Tasks\{0097006A-6CB3-4E76-AC8F-27D4A4CDCA8E} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {D814276E-4162-46B0-8A99-087614276940} - System32\Tasks\{FE6C2B63-2455-41E1-A53F-026C169CAF94} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {D85225B2-1656-4332-8E1F-F2F7A6F37831} - System32\Tasks\{5AB9579A-8732-4A8D-A399-51CB363A3994} => C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {D8ACFAED-F069-4656-AD76-DF5892646DA4} - System32\Tasks\{DD76B277-84D4-42FD-9F80-AC6744C50090} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {DC864D60-02A3-466D-9E87-FCCA23387F69} - System32\Tasks\{16395E5E-A1C7-4689-ABF9-80FA03E00808} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {DDE01C0A-F955-4C74-AB16-F8AEFB771CBF} - System32\Tasks\{91AA85FB-002E-4F88-BC90-89412590E8EE} => pcalua.exe -a "C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\web creator pro 5\WC5ProInstall200.EXE" -d "C:\Users\xx-name-xx\A_Eigene Dateien\Programme installations dateien\web creator pro 5"
Task: {E81E7297-BD44-4440-BEB4-641D0E14E724} - System32\Tasks\{9E189C0A-E6BF-4088-99CF-2F0C1BE695D7} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {E9EC93B7-BB21-4E18-BAE0-866E9F400548} - System32\Tasks\{109AC7AD-6F58-4E75-8CB1-BC6E4A5E60AA} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {EA72CE08-B2C2-4924-B89A-2FF804C49349} - System32\Tasks\{190648A2-E50A-48B5-A38F-D30967DA27B1} => C:\Users\xx-name-xx\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {EC24FE2D-DF79-46DE-8FBC-7E2246C298FA} - System32\Tasks\{D059CC8C-452D-45F2-A916-9379F7A58F29} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F2D401A8-7AAD-4CE0-9081-4FF71D62D7D8} - System32\Tasks\{4BDD7645-B1BC-4843-ADD1-64B2F8261C36} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F67C5D37-16BE-44AF-B08D-0262B2725AE4} - System32\Tasks\hpUrlLauncher.exe_{E6CEA810-0FE6-47D8-9A3A-522506D50EDE} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22] (Hewlett-Packard Development Company, LP)
Task: {F724AFBA-42BB-4BE7-B290-E2633900BF65} - System32\Tasks\{7927AB28-D17C-4641-A4C2-A8A1F0ED0729} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {FD4D4B06-ACBE-4B6B-BB4E-3180F5B40ED4} - System32\Tasks\{7DAF67E2-1C65-448D-B2A2-135FF3012E74} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {FDE70701-DEAE-414B-AC26-A8BE4D5518AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-02-04 12:02 - 2015-02-04 12:02 - 02061832 _____ () C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
2010-08-26 16:08 - 2010-08-26 16:08 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-30 22:36 - 2010-09-30 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-19 19:32 - 2010-08-19 19:32 - 00086016 _____ () C:\Program Files (x86)\A1 Dashboard\resetregistry.dll
2011-04-18 09:16 - 2011-04-18 09:16 - 01421824 _____ () C:\Program Files (x86)\A1 Dashboard\Skins\A1\A1Skin.dbskin
2015-05-14 01:19 - 2015-05-14 01:19 - 00043008 _____ () c:\Users\xx-name-xx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppmkz5n.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-16 13:51 - 2015-03-16 13:51 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
AlternateDataStreams: C:\ProgramData\TEMP:7E63EC98

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xx-name-xx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\xx-name-xx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.48.128.199 - 194.48.139.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ACPW05DE => "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SmartSerialMail Versand => C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMailServiceApp.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{3091EE42-36DE-454F-9350-B91F7C7545F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{BDB8FFC4-E434-4D27-96D8-3E83121216F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0D7A4497-79A8-4926-B61F-4FC58063362C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{82096AA0-42FD-40DC-AB4C-6FC9CF6BC619}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{92F0F32B-42B2-49F6-BA18-18DE806FF4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BAC352A7-5851-4EB0-8B7E-D8635AB8C7C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{225DA7FE-0DD6-4BDB-B6F4-74825F8E1C4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C8ACA1A2-3F92-4D58-8E78-9C50B7D8F46F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{AAE908A1-4D97-4DFC-903B-8629FC75CB92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C680AF17-AFBA-4223-9B43-433DF42019BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{49E2C73A-7E4A-4484-8FE5-3995F5A9333E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [TCP Query User{8669B727-76C7-48B4-A5DF-1E142DE6E8AB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{C0C25388-CB6D-4FEE-9630-A02A79C9BA5C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{C511E6DB-5FBD-4EEB-8F02-94E3CD8B8EC6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{87DEF01C-F0E9-48E9-A025-AD835CB86C19}C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [UDP Query User{A7CF7E79-4AF5-4F09-B545-6D1DA113AB6F}C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [TCP Query User{EC4CCCE1-D7F7-4D9D-9ADD-E3D54696FD2D}C:\program files (x86)\av stumpfl\wings 5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [UDP Query User{E7994D36-A4A7-4238-8898-85C4415F1F1F}C:\program files (x86)\av stumpfl\wings 5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{EA32D7AF-9261-4B85-9E88-5623BBCCF6EF}] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{C9D11AF4-1C7C-4679-8EEA-83B532B188F7}] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{F2450001-372F-4FA7-AB29-37360499B565}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6FA9C52A-B68B-414B-8B31-B1829890FAA1}] => (Allow) C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMail.exe
FirewallRules: [{E645DC52-F34A-4FD8-855B-8ACC53E41819}] => (Allow) C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMailServiceApp.exe
FirewallRules: [{38B74D08-8ED5-48AE-9E54-F8E2DD5C635F}] => (Allow) C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\spamd.exe
FirewallRules: [TCP Query User{6F04F8A5-4214-4A61-8E58-8539547CF495}C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [UDP Query User{0E6DE58A-24C2-4174-9956-62C5AA8A3AFA}C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [{7082D1E7-57DB-450D-B19B-C144ED8ED3F5}] => (Allow) C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8DEBED6A-3A39-433A-94B4-06B8E46D6BC8}] => (Allow) C:\Users\xx-name-xx\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B62CD113-8EB4-4C39-B702-A1D596B04C4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3ED69F24-18B6-4BA7-BB06-562B345949C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EABF833B-A963-4F00-A848-28B049CA8526}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{498C015F-DD6C-48BA-BC9F-535FE40A38BD}] => (Allow) LPort=5357
FirewallRules: [{919E4D0E-7E48-4EF4-BF89-AEFC2A213951}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{8500565B-434D-4211-A055-1D2B9467F3E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DCDE6386-1151-408F-A28D-42B35E4696E2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 00:26:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 10:05:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 06:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 05:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 10:44:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 10:47:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2015 11:58:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 11:05:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2015 11:03:13 PM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::ThumbFetcherThreadFunc

Error: (05/07/2015 10:24:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/13/2015 06:49:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 114.3.0.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/13/2015 06:49:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.197.2220.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/13/2015 06:49:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.197.2220.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/13/2015 06:49:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.197.2220.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/11/2015 03:47:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (05/11/2015 03:47:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (05/11/2015 03:47:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (05/11/2015 03:47:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (05/09/2015 11:58:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 114.3.0.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/09/2015 11:58:18 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.197.1789.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.6.0305.00

        Quellpfad: 4.6.0305.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office Sessions:
=========================
Error: (05/14/2015 00:26:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 10:05:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 06:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 05:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 10:44:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 10:47:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2015 11:58:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 11:05:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2015 11:03:13 PM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::ThumbFetcherThreadFunc

Error: (05/07/2015 10:24:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 8174.45 MB
Available physical RAM: 4772.19 MB
Total Pagefile: 16347.07 MB
Available Pagefile: 12578.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:344.71 GB) NTFS
Drive e: (A1 Dashboard) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive f: (Elements) (Fixed) (Total:1397.26 GB) (Free:428.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8BFD36D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1384 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 0005D000)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 14.05.2015 13:43
Zitat:
D:\quarkxpress402\crackauf402\CNCQ402.EXE
Was ist denn das? :blabla:



Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter, wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

hans_t 14.05.2015 14:25
D:\quarkxpress402\crackauf402\CNCQ402.EXE

Quarkxpress hatte ich vor 10 Jahren auf glaube ich win98 laufen, soweit ich mich erinnere ...
Die Version 4 lief auf nachfolgenden Betriebssystemen schon lange nicht mehr.
Wie das hier auf meinen PC kommt weiß ich nicht, bestimmt hatt ich die DVD ins Laufwerk (D) gesteckt und zu starten versucht, bevor ich sie weggeschmissen hatte...

Ich finde das oben genannten Programm, bzw. die Dateien auf meinen PC nicht um sie zu entfernen.

Sorry, was soll ich tun?

M-K-D-B 14.05.2015 19:14
Wir beginnen so:




Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

hans_t 14.05.2015 20:13
Vielen Dank fürs weitermachen!
Hier die Logdatein der Reihe nach (MBAM hatte nichts mehr gefunden, daher nichts in Quarantäne und keine Neustart):

Code:
# AdwCleaner v4.204 - Bericht erstellt 14/05/2015 um 20:26:55
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ***name*** - DELLXPS_8300
# Gestarted von : C:\Users\***name***\Desktop\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\***name***\AppData\Local\PackageAware
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\***name***\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\invalidprefs.js
Datei Gelöscht : C:\Users\***name***\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : Start Registry Reviver

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 de)

[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=55555");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
[duzd57xm.default-1387248056970\prefs.js] - Zeile Gelöscht : user_pref("extentions.y2layers.installId", "bb1f5e8c-ffe9-4fae-817c-d48ab9232de1");

*************************

AdwCleaner[R0].txt - [6354 Bytes] - [14/05/2015 20:25:44]
AdwCleaner[S0].txt - [6139 Bytes] - [14/05/2015 20:26:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6198  Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.05.2015
Suchlauf-Zeit: 20:34:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.14.04
Rootkit Datenbank: v2015.04.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ***name***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350041
Verstrichene Zeit: 12 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by ***name*** on 14.05.2015 at 20:53:19,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Hans_Thurner\AppData\Roaming\mozilla\firefox\profiles\duzd57xm.default-1387248056970\minidumps [55 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2015 at 20:54:59,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hans_t 14.05.2015 20:14

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by ***name*** (administrator) on DELLXPS_8300 on 14-05-2015 20:57:50
Running from C:\Users\***name***\Desktop
Loaded Profiles: ***name*** (Available profiles: ***name***)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Dashboard\Dashboard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [ACDSeeCommanderUltimate8] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2061832 2015-02-04] ()
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: {7016cca5-fb07-11e0-a09c-fe958973f057} - E:\Autorun.exe
Startup: C:\Users\***name***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A1 Dashboard.lnk [2011-10-21]
ShortcutTarget: A1 Dashboard.lnk -> C:\Program Files (x86)\A1 Dashboard\Dashboard.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
Handler-x32: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL [2001-08-09] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\***name***\AppData\Roaming\Mozilla\Firefox\Profiles\duzd57xm.default-1387248056970
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2002-01-09] (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-16] (Apple Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-04-01] (Macrovision Europe Ltd.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 20:57 - 2015-05-14 20:57 - 00014011 _____ () C:\Users\***name***\Desktop\FRST.txt.txt
2015-05-14 20:54 - 2015-05-14 20:54 - 00000871 _____ () C:\Users\***name***\Desktop\JRT.txt
2015-05-14 20:53 - 2015-05-14 20:53 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELLXPS_8300-Windows-7-Home-Premium-(64-bit).dat
2015-05-14 20:53 - 2015-05-14 20:53 - 00000000 ____D () C:\RegBackup
2015-05-14 20:51 - 2015-05-14 20:51 - 02721175 _____ (Thisisu) C:\Users\***name***\Desktop\JRT.exe
2015-05-14 20:48 - 2015-05-14 20:48 - 00001216 _____ () C:\Users\***name***\Desktop\mbam.txt
2015-05-14 20:31 - 2015-05-14 20:31 - 00006346 _____ () C:\Users\***name***\Desktop\1. AdwCleaner[S0].txt
2015-05-14 20:25 - 2015-05-14 20:26 - 00000000 ____D () C:\AdwCleaner
2015-05-14 20:24 - 2015-05-14 20:26 - 00000750 _____ () C:\Users\***name***\Desktop\Neues Textdokument.txt
2015-05-14 20:23 - 2015-05-14 20:23 - 02209792 _____ () C:\Users\***name***\Desktop\AdwCleaner_4.204.exe
2015-05-14 18:02 - 2015-05-14 20:28 - 00000112 _____ () C:\Windows\setupact.log
2015-05-14 18:02 - 2015-05-14 18:02 - 00000402 _____ () C:\Windows\PFRO.log
2015-05-14 18:02 - 2015-05-14 18:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 17:32 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:32 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:25 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-14 17:25 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-14 17:25 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-14 17:24 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-14 17:24 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-05-14 17:24 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-14 17:24 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-14 17:24 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-14 17:24 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-14 17:24 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-14 17:24 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-14 17:24 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-14 17:24 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-14 17:24 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-14 17:24 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-14 17:24 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-05-14 17:24 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-14 17:24 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-14 17:24 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-14 17:24 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-14 17:24 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-14 17:24 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-14 17:23 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 17:23 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 17:23 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 17:23 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 17:23 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 17:23 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 17:23 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 17:23 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 17:23 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 17:23 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 17:23 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 17:23 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 17:23 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 17:23 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 17:23 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 17:23 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 17:23 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 17:23 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 17:23 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 17:23 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 17:23 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 17:23 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 17:23 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 17:23 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 17:23 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 17:23 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 17:23 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 17:23 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 17:23 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 17:23 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 17:23 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 17:23 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 17:23 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 17:23 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 17:23 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 17:23 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 17:23 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 17:23 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 17:23 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 17:23 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 17:23 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 17:23 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 17:23 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 17:23 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 17:23 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 17:23 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 17:23 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 17:23 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 17:23 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 17:23 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 17:23 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 17:23 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 17:23 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 17:23 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 17:23 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 17:23 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 17:23 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 17:23 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 17:23 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 17:23 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 17:23 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 17:23 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 17:23 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 17:23 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 17:23 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 17:23 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 17:23 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 17:23 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 17:23 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 17:23 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 17:23 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 17:23 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 17:23 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 17:23 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 17:23 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 17:23 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 17:23 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-14 17:23 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-14 17:23 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 17:22 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 17:22 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 17:22 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 17:22 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 17:22 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 17:22 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 17:22 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 17:22 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 17:22 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 17:22 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 17:22 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 17:22 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 17:22 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 17:22 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 17:22 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 17:22 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 17:22 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 17:22 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 17:22 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 17:22 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 17:22 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 17:22 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-14 17:22 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-14 17:22 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-14 17:22 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-14 17:22 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-14 17:22 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-14 17:22 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-14 17:22 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-14 17:22 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-14 17:21 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 17:21 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-14 17:21 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-14 17:21 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-14 17:21 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-05-14 17:21 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-14 17:21 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-14 17:21 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-14 17:21 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 17:21 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 17:21 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-14 17:21 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-14 17:21 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-14 17:21 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-14 17:21 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-14 17:21 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-14 17:21 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-14 17:21 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-14 17:21 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-14 17:21 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-14 17:21 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-14 17:19 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-14 17:18 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-14 17:18 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-14 17:18 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-14 17:18 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-14 17:16 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-14 17:16 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-14 17:16 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-14 17:16 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-14 17:16 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-14 11:46 - 2015-05-14 11:46 - 553480765 _____ () C:\Windows\MEMORY.DMP
2015-05-14 11:46 - 2015-05-14 11:46 - 00373400 _____ () C:\Windows\Minidump\051415-27440-01.dmp
2015-05-13 23:50 - 2015-05-14 20:18 - 00000000 ___RD () C:\Users\***name***\Dropbox
2015-05-13 23:39 - 2015-05-14 20:57 - 00000000 ____D () C:\FRST
2015-05-13 23:38 - 2015-05-14 16:02 - 02105856 _____ (Farbar) C:\Users\***name***\Desktop\FRST64.exe
2015-05-13 23:29 - 2015-05-13 23:44 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Nico Mak Computing
2015-05-13 23:04 - 2015-05-14 02:04 - 00000000 ____D () C:\Users\***name***\Desktop\artefakte
2015-05-11 17:00 - 2015-05-11 20:32 - 00000074 _____ () C:\Windows\nepal_01.INI
2015-05-04 12:46 - 2015-05-14 19:39 - 00000000 ____D () C:\Users\***name***\Desktop\nepal benefiz
2015-05-02 01:48 - 2015-05-02 04:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 16:10 - 2015-04-14 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 20:36 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 20:36 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 20:33 - 2011-10-20 22:13 - 00699088 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 20:33 - 2011-10-20 22:13 - 00149228 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 20:33 - 2009-07-14 07:13 - 01619264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 20:31 - 2011-10-20 12:19 - 01120990 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 20:30 - 2014-12-03 17:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 20:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 20:20 - 2012-04-27 20:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 18:07 - 2014-06-11 13:33 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Dropbox
2015-05-14 18:06 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-14 18:04 - 2013-04-29 09:44 - 05208280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-14 17:55 - 2011-10-20 18:30 - 01591928 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-14 17:51 - 2014-12-03 17:29 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 17:51 - 2014-12-03 17:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 17:51 - 2014-12-03 17:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 17:51 - 2011-10-20 18:31 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-14 17:44 - 2011-10-20 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-14 17:43 - 2013-12-17 05:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 14:02 - 2014-06-11 03:09 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-14 11:46 - 2013-02-07 16:12 - 00000000 ____D () C:\Windows\Minidump
2015-05-14 01:18 - 2014-06-11 13:36 - 00001002 _____ () C:\Users\***name***\Desktop\Dropbox.lnk
2015-05-14 01:18 - 2014-06-11 13:35 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-13 23:50 - 2011-10-20 12:30 - 00000000 ____D () C:\Users\***name***
2015-05-13 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-13 21:41 - 2014-12-03 17:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-12 20:38 - 2015-03-19 12:40 - 00000000 ____D () C:\Users\***name***\Desktop\neue medien
2015-05-11 14:06 - 2015-03-29 04:51 - 00000000 ____D () C:\Users\***name***\AppData\Local\ACD Systems
2015-05-03 23:18 - 2015-03-29 04:53 - 00000000 ____D () C:\Users\***name***\AppData\Local\Adobe
2015-05-02 04:08 - 2011-10-20 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-02 04:06 - 2012-04-01 21:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-02 04:06 - 2011-10-20 17:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-30 10:07 - 2012-04-27 20:22 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 16:18 - 2015-01-27 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2015-04-14 09:37 - 2014-12-03 17:42 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-12-03 17:42 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-12-03 17:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-07-26 18:23 - 2014-07-26 18:23 - 0000003 _____ () C:\Users\***name***\AppData\Roaming\CheckWinVer.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0099384 _____ () C:\Users\***name***\AppData\Roaming\inst.exe
2012-12-29 01:11 - 2012-12-29 01:11 - 0007859 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.cat
2012-12-29 01:11 - 2012-12-29 01:11 - 0001167 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.inf
2012-12-29 01:12 - 2012-12-29 01:12 - 0000034 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0082816 _____ (VSO Software) C:\Users\***name***\AppData\Roaming\pcouffin.sys
2011-10-21 03:42 - 2013-04-02 01:54 - 0073728 _____ () C:\Users\***name***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-21 03:05 - 2014-08-07 19:21 - 0007672 _____ () C:\Users\***name***\AppData\Local\Resmon.ResmonCfg
2014-12-23 21:44 - 2014-12-23 21:44 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0014]-[p22].bmp
2014-12-23 21:55 - 2014-12-23 21:56 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0015]-[p22].bmp
2014-12-23 22:06 - 2014-12-23 22:06 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0016]-[p68].bmp
2015-02-17 17:33 - 2015-02-17 17:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-10-20 22:28 - 2015-02-17 13:21 - 0010102 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\***name***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu2gvzh.dll
C:\Users\***name***\AppData\Local\Temp\Quarantine.exe
C:\Users\***name***\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 19:38

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by ***name*** at 2015-05-14 20:58:10
Running from C:\Users\***name***\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3213465492-3622994428-3788502651-500 - Administrator - Disabled)
Gast (S-1-5-21-3213465492-3622994428-3788502651-501 - Limited - Disabled)
***name*** (S-1-5-21-3213465492-3622994428-3788502651-1000 - Administrator - Enabled) => C:\Users\***name***

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
A1 Dashboard (HKLM-x32\...\A1 Dashboard) (Version: 1.15.1.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.15.1.0 - A1 Telekom Austria AG) Hidden
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
ACDSee Ultimate 8 (64-bit) (HKLM\...\{DFD09008-75B2-49AB-A1D1-AEE552B3FD11}) (Version: 8.1.1.386 - ACD Systems International Inc.)
ACDSee Video Converter Pro 4.1 (HKLM-x32\...\ACDSee_acdVCPro) (Version: 4.1.0.166 - ACD Systems International Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Alpenvereinskarten digital (HKLM-x32\...\Alpenvereinskarten digital) (Version:  - )
AMap Fly 5.0 (HKLM-x32\...\{D5647409-6423-426C-AA3A-D0F703A52677}) (Version: 6.6.0.0000 - EADS Deutschland GmbH)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{74000F25-9A0A-B837-215D-7DFCD5641514}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
AV Stumpfl Wings (HKLM-x32\...\AV Stumpfl Wings (V 5.9.0)) (Version: 5.9.0 - AV Stumpfl)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version:  - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video ReMaker 4.0.8.140 (HKLM-x32\...\AVS Video ReMaker_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.2.4.1 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0930.2237.38732 - Ihr Firmenname) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Freizeitkarte_AUT+ (Ausgabe 14.03) (HKLM-x32\...\Freizeitkarte_AUT+) (Version:  - )
Freizeitkarte_TUR (Ausgabe 14.06) (HKLM-x32\...\Freizeitkarte_TUR) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{BC8E822D-0C54-4426-B7D3-876CFC47EFEC}) (Version: 4.4.4 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Geogrid®-Viewer (x32 Version: 6.6.0.0000 - EADS Deutschland GmbH) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{5C519C69-AC39-40D0-9FF3-1F3FEE4640B2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LMSOFT Web Creator Pro 6 (HKLM-x32\...\Web Creator Pro 6) (Version:  - )
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta Professional 2003 (HKLM-x32\...\{034400C0-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MyFreeCodec) (Version:  - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
ODBC (HKLM-x32\...\ODBC) (Version:  - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
SmartSerialMail V5.1.3 (HKLM-x32\...\SmartSerialMail_is1) (Version: 5.1.3 - JAM Software)
svBuilder (HKLM-x32\...\svBuilder) (Version: 2.3.2 - SimpleViewer Inc)
svBuilder (x32 Version: 2.3.2 - SimpleViewer Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{1A606537-90A1-CECB-F525-BDE6F3731FFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{2D29EC40-E3D8-256C-EAFD-9CBA3425B4DE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-05-2015 15:55:14 Backup_2015_05_14
14-05-2015 17:25:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-23 21:50 - 00000194 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B050B0-9891-4AC4-88F9-808B14019C33} - System32\Tasks\{D07E0C21-D1C5-431A-B3C9-F58A0BC9E625} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {11E2C7E6-02CD-4B85-AD29-8EBB660E3679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {130EDC82-D009-434F-8AF3-8702AD2BD7F0} - System32\Tasks\{1FEA43D4-DD32-4112-B9EF-C89847CF4787} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {18854815-8855-44EA-BD0F-CF2E97E2E7BB} - System32\Tasks\{C2AD4FF3-E4DD-4B5D-9871-3F1E41B23AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1A9527C9-E4AD-4DAE-9ED4-AD68F32DADC9} - System32\Tasks\{25C374D8-51D2-43E3-880D-3A07DE8FE227} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {1ADADDF6-24B8-4D31-AF9E-E8390FD6C951} - System32\Tasks\{0C65CA45-4E98-41BB-8C4D-B485FF1327D8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1CB814C8-EA46-42A2-8851-17388E5B5E23} - System32\Tasks\{3987C4C2-BB85-478D-B7B4-5AD02152F3F4} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {22E2C234-F23F-4A36-BDCD-18CCBFF35A3B} - System32\Tasks\{483BF32D-19AC-44F1-8881-B4F3D27D225A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {279A21EA-BCEE-4F5D-90B8-BABCB0BC859A} - System32\Tasks\{38496090-C565-42B3-97D0-A628DC006B82} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {27E11982-49A5-4D05-8F5F-7968D22FE9C0} - System32\Tasks\{E59FCAA9-6A10-48DD-BCBD-08336921E449} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {28B19B62-D270-4B86-8076-47B68F874D7C} - System32\Tasks\{DF945111-70CA-469B-A348-4CE9861E4E50} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {2E3B053A-64CA-4770-8EF9-3D7A0E24EE7B} - System32\Tasks\{50C68E2D-62AD-4929-9AA9-20256918F156} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {2F789BE8-B0E0-4B47-B95E-28CED0269CDF} - System32\Tasks\{F5CB5B8D-646B-46FA-9222-ABB9A3C7FC1F} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {313645A3-CADF-4491-86AF-9E82E3A5D736} - System32\Tasks\{A7B27D28-AB55-450A-AF53-87685E764915} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {33A53B10-7D93-4C0B-A459-51EDD7509B99} - System32\Tasks\{8F2175A3-39ED-412C-B6B5-E21FAABF6B74} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {36E09EC4-F04C-4E81-B25B-A09E8BC72142} - System32\Tasks\{554AEC8D-2C04-4BB4-A67A-9C1F5BE2D62B} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {37223614-0D31-4AB9-91A8-CFEF2FD69D91} - System32\Tasks\{7B3EF58C-8B65-4F43-9E97-0C1473F0E40F} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {3B199697-E8EC-4A98-A79D-09FE95EEED04} - System32\Tasks\hpUrlLauncher.exe_{A558F23D-DFFF-402A-AC04-4969ADA7A967} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22] (Hewlett-Packard Development Company, LP)
Task: {3B9FFA7C-BAFD-40E3-828F-4E16B6F59AB2} - System32\Tasks\{86B3287C-1F20-43FE-B0BB-939A6725BB97} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {4519F539-22D5-4AAD-B22F-3EEE3C3BE316} - System32\Tasks\{F58136A8-2DF5-4AF5-960F-F600538820C3} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {45F2AC92-99B1-4B95-9B11-0E5DC107B207} - System32\Tasks\{3C85C242-DA6A-43C1-8887-F5A8E1F2257C} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {45F7CD71-1FF6-4E51-8F7B-6AC714FD6652} - System32\Tasks\{4724A133-FBDC-47B2-976E-2FF7F49383DC} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {5164CFA8-A946-4905-A424-E66EB307E913} - System32\Tasks\{51843A71-A9CB-4FEE-8833-950C1A16ED52} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {517732E8-E166-4F26-ACC4-CB396F2040B8} - System32\Tasks\{F5539E37-1A06-4B82-B9B2-10A65AD04EA8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {539A6204-CA1C-4A53-BF7C-8036E621DC33} - System32\Tasks\{B555425E-9C5E-48B0-AC96-DD9463807AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {53B3239E-A146-4614-BC3F-C986B9E747AE} - System32\Tasks\{8167160D-7A31-486E-A36C-762166D7F30D} => pcalua.exe -a "K:\tray backup.exe" -d K:\
Task: {5A0BDCA0-1E22-47CA-9CE6-007A9E49C380} - System32\Tasks\{4A686B65-891D-4EFE-84BC-41DBC41195D0} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {634E3A81-0AD7-4929-910F-67A87C72599B} - System32\Tasks\{0BA9B6CB-A377-4802-A89B-A3FB75BD6DBA} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {6D0F9806-7B46-4DD2-80BA-7EA8837A9BCD} - System32\Tasks\{3E5165E2-4BC9-459F-B932-D13C9FCA1C63} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {6E9B0248-0D67-4579-A491-F95A55D96ACF} - System32\Tasks\{CD21EC92-0374-45AF-BF92-9F19AFBC43EB} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {70198EC3-6054-42F4-B5DE-47D254BE30C2} - System32\Tasks\{73898398-0F49-459D-97CB-CD9DFEB7377A} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {75A0A118-AE81-4500-80ED-DC454D6F994D} - System32\Tasks\{AA988495-8EE2-47D0-B4D5-52FB90F2C77B} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {7FCCD65B-DEAE-4AE5-ADD9-7E6FC0B2FAE0} - System32\Tasks\{32416E6A-A660-4782-9AF2-C5FDBEC81468} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {817D84F5-787B-4731-A27C-F912AFE45012} - System32\Tasks\{BDA33A93-8B77-48AD-91DB-9C24BE586570} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {963FD547-9465-45BD-BACB-E8AD19941B07} - System32\Tasks\{1493D980-8E5B-4519-9043-57BC225C1086} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {98735C27-3CE5-4D32-8AC2-75E5D24D57AD} - System32\Tasks\{23EDC648-ED8D-4B05-A331-292C118D6086} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {9E73144E-2A24-4493-AE1F-D2529EF66566} - System32\Tasks\{E56BC32D-65B6-4827-AF2B-2B39448F5D4A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AABEF030-1A06-4782-82F2-300AC94F548D} - System32\Tasks\{228347CE-8583-4153-AD48-620BDB2D66D5} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {AB6A4D83-97B1-4273-B236-5C3E20EE5DB2} - System32\Tasks\{1172F15B-DDE5-4E45-84E4-1CD7BB24F259} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {ACFFEFE8-419F-47BA-A6D8-A240CE0C6187} - System32\Tasks\{1A3377AE-1094-42B5-B72C-E0985785933B} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AF2C240E-995A-481F-9B64-6163841CC745} - System32\Tasks\{B2F8CBF8-5B51-4F71-83A6-AEAF8910D9E6} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B028A77C-5EE3-4874-87AE-C568EF32E0E4} - System32\Tasks\{B306D38A-4B98-4A67-A155-6A8FA07C3ED0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {B251BD8F-9BA8-49DB-BB76-BCE70C9A5A4F} - System32\Tasks\{4868EAC3-E0C9-4267-BE34-1BE206397DD0} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B7F24BA5-155B-4360-BAA6-361241ACE069} - System32\Tasks\{F0A209F7-2C0E-485A-BAD4-A729ADDE2B24} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B91FFCDB-E6CE-411E-9812-BD16D04B009F} - System32\Tasks\{7196370E-77F5-4FB8-B633-2DE26324FB56} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {C22EC2F4-5051-4C88-86B0-C5E782860CA1} - System32\Tasks\{BF4587D2-730D-4626-ACDE-7D8372FAB1AD} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {CAD81C9D-E42C-4358-9CD6-C5DF69C1EC54} - System32\Tasks\{666CA076-2F51-41C5-8DAD-0D246B972A05} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {D3227F87-9F35-4019-81FC-C1F20C7262B1} - System32\Tasks\{2FBD8F12-6BC4-4DE1-8B99-AE2E21ED3FF0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {D3FED5A5-BE92-4A9C-893B-82EE451F3BE5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D6AF886E-A8BE-4672-BFE5-4B31A8763F40} - System32\Tasks\{0097006A-6CB3-4E76-AC8F-27D4A4CDCA8E} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {D814276E-4162-46B0-8A99-087614276940} - System32\Tasks\{FE6C2B63-2455-41E1-A53F-026C169CAF94} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {D85225B2-1656-4332-8E1F-F2F7A6F37831} - System32\Tasks\{5AB9579A-8732-4A8D-A399-51CB363A3994} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {D8ACFAED-F069-4656-AD76-DF5892646DA4} - System32\Tasks\{DD76B277-84D4-42FD-9F80-AC6744C50090} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {DC864D60-02A3-466D-9E87-FCCA23387F69} - System32\Tasks\{16395E5E-A1C7-4689-ABF9-80FA03E00808} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {DDE01C0A-F955-4C74-AB16-F8AEFB771CBF} - System32\Tasks\{91AA85FB-002E-4F88-BC90-89412590E8EE} => pcalua.exe -a "C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\web creator pro 5\WC5ProInstall200.EXE" -d "C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\web creator pro 5"
Task: {E81E7297-BD44-4440-BEB4-641D0E14E724} - System32\Tasks\{9E189C0A-E6BF-4088-99CF-2F0C1BE695D7} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {E9EC93B7-BB21-4E18-BAE0-866E9F400548} - System32\Tasks\{109AC7AD-6F58-4E75-8CB1-BC6E4A5E60AA} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {EA72CE08-B2C2-4924-B89A-2FF804C49349} - System32\Tasks\{190648A2-E50A-48B5-A38F-D30967DA27B1} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {EC24FE2D-DF79-46DE-8FBC-7E2246C298FA} - System32\Tasks\{D059CC8C-452D-45F2-A916-9379F7A58F29} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F2D401A8-7AAD-4CE0-9081-4FF71D62D7D8} - System32\Tasks\{4BDD7645-B1BC-4843-ADD1-64B2F8261C36} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F67C5D37-16BE-44AF-B08D-0262B2725AE4} - System32\Tasks\hpUrlLauncher.exe_{E6CEA810-0FE6-47D8-9A3A-522506D50EDE} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22] (Hewlett-Packard Development Company, LP)
Task: {F724AFBA-42BB-4BE7-B290-E2633900BF65} - System32\Tasks\{7927AB28-D17C-4641-A4C2-A8A1F0ED0729} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {FD4D4B06-ACBE-4B6B-BB4E-3180F5B40ED4} - System32\Tasks\{7DAF67E2-1C65-448D-B2A2-135FF3012E74} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {FDE70701-DEAE-414B-AC26-A8BE4D5518AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-02-04 12:02 - 2015-02-04 12:02 - 02061832 _____ () C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
2010-08-19 19:32 - 2010-08-19 19:32 - 00086016 _____ () C:\Program Files (x86)\A1 Dashboard\resetregistry.dll
2011-04-18 09:16 - 2011-04-18 09:16 - 01421824 _____ () C:\Program Files (x86)\A1 Dashboard\Skins\A1\A1Skin.dbskin
2015-03-16 13:51 - 2015-03-16 13:51 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
AlternateDataStreams: C:\ProgramData\TEMP:7E63EC98

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***name***\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ACPW05DE => "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SmartSerialMail Versand => C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMailServiceApp.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{3091EE42-36DE-454F-9350-B91F7C7545F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{BDB8FFC4-E434-4D27-96D8-3E83121216F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0D7A4497-79A8-4926-B61F-4FC58063362C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{82096AA0-42FD-40DC-AB4C-6FC9CF6BC619}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{92F0F32B-42B2-49F6-BA18-18DE806FF4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BAC352A7-5851-4EB0-8B7E-D8635AB8C7C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{225DA7FE-0DD6-4BDB-B6F4-74825F8E1C4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C8ACA1A2-3F92-4D58-8E78-9C50B7D8F46F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{AAE908A1-4D97-4DFC-903B-8629FC75CB92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C680AF17-AFBA-4223-9B43-433DF42019BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{49E2C73A-7E4A-4484-8FE5-3995F5A9333E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [TCP Query User{8669B727-76C7-48B4-A5DF-1E142DE6E8AB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{C0C25388-CB6D-4FEE-9630-A02A79C9BA5C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{C511E6DB-5FBD-4EEB-8F02-94E3CD8B8EC6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{87DEF01C-F0E9-48E9-A025-AD835CB86C19}C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [UDP Query User{A7CF7E79-4AF5-4F09-B545-6D1DA113AB6F}C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [TCP Query User{EC4CCCE1-D7F7-4D9D-9ADD-E3D54696FD2D}C:\program files (x86)\av stumpfl\wings 5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [UDP Query User{E7994D36-A4A7-4238-8898-85C4415F1F1F}C:\program files (x86)\av stumpfl\wings 5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{EA32D7AF-9261-4B85-9E88-5623BBCCF6EF}] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{C9D11AF4-1C7C-4679-8EEA-83B532B188F7}] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{F2450001-372F-4FA7-AB29-37360499B565}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6FA9C52A-B68B-414B-8B31-B1829890FAA1}] => (Allow) C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMail.exe
FirewallRules: [{E645DC52-F34A-4FD8-855B-8ACC53E41819}] => (Allow) C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMailServiceApp.exe
FirewallRules: [{38B74D08-8ED5-48AE-9E54-F8E2DD5C635F}] => (Allow) C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\spamd.exe
FirewallRules: [TCP Query User{6F04F8A5-4214-4A61-8E58-8539547CF495}C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [UDP Query User{0E6DE58A-24C2-4174-9956-62C5AA8A3AFA}C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [{7082D1E7-57DB-450D-B19B-C144ED8ED3F5}] => (Allow) C:\Users\***name***\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8DEBED6A-3A39-433A-94B4-06B8E46D6BC8}] => (Allow) C:\Users\***name***\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B62CD113-8EB4-4C39-B702-A1D596B04C4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3ED69F24-18B6-4BA7-BB06-562B345949C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EABF833B-A963-4F00-A848-28B049CA8526}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{498C015F-DD6C-48BA-BC9F-535FE40A38BD}] => (Allow) LPort=5357
FirewallRules: [{919E4D0E-7E48-4EF4-BF89-AEFC2A213951}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{8500565B-434D-4211-A055-1D2B9467F3E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DCDE6386-1151-408F-A28D-42B35E4696E2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 08:29:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 06:03:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 01:22:06 PM) (Source: SmartSerialMail) (EventID: 0) (User: DellXPS_8300)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 00563453 in module 'SmartSerialMail.exe'. Read of address 00000010
----------------------------------------------------------------------------------------------------------------------------
|Adresse |Modul              |Einheit              |Klasse              |Prozedur/Methode                        |Linie  |
----------------------------------------------------------------------------------------------------------------------------
|009FD3B7|SmartSerialMail.exe|SSM.UI.Ribbon.pas    |UI                  |Ribbon.TBoogieRibbonForm.CreateParams  |280[1]  |
|77CAE01E|ntdll.dll          |                      |                    |RtlFreeHeap                            |        |
|769AD1E0|USER32.dll        |                      |                    |EnumWindows                            |        |
|769AD1CF|USER32.dll        |                      |                    |EnumWindows                            |        |
|769EC21A|USER32.dll        |                      |                    |GetRawInputDeviceInfoW                  |        |
|00861A70|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5252[16]|
|008619CC|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5236[0] |
|00C0BB3C|SmartSerialMail.exe|SSM.UI.Html.Edit.pas  |UI                  |Html.Edit.THtmlEdit.Destroy            |545[2]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00D7E564|SmartSerialMail.exe|SSM.UI.Main.pas      |UI                  |Main.TMainform.Destroy                  |798[2]  |
|77CAE813|ntdll.dll          |                      |                    |RtlEqualUnicodeString                  |        |
|77CAEFAA|ntdll.dll          |                      |                    |RtlDosApplyFileIsolationRedirection_Ustr|        |
|77CA2280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|770A74F6|KERNELBASE.dll    |                      |                    |GetErrorMode                            |        |
|770A7551|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|770A7520|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|77CAFD58|ntdll.dll          |                      |                    |LdrGetDllHandleEx                      |        |
|77CAFD4A|ntdll.dll          |                      |                    |LdrGetDllHandle                        |        |
|77CA2280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|77CB6CBE|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77CB6CC5|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77CA2280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
----------------------------------------------------------------------------------------------------------------------------

Error: (05/14/2015 11:49:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:35:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 00:26:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 10:05:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 06:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 05:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 10:44:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/14/2015 08:53:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2015 08:53:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2015 08:53:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X86" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2015 08:53:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Broadcom Management Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2015 08:53:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2015 08:53:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2015 08:27:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/14/2015 08:26:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2015 08:26:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2015 08:26:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/14/2015 08:29:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 06:03:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 01:22:06 PM) (Source: SmartSerialMail) (EventID: 0) (User: DellXPS_8300)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 00563453 in module 'SmartSerialMail.exe'. Read of address 00000010
----------------------------------------------------------------------------------------------------------------------------
|Adresse |Modul              |Einheit              |Klasse              |Prozedur/Methode                        |Linie  |
----------------------------------------------------------------------------------------------------------------------------
|009FD3B7|SmartSerialMail.exe|SSM.UI.Ribbon.pas    |UI                  |Ribbon.TBoogieRibbonForm.CreateParams  |280[1]  |
|77CAE01E|ntdll.dll          |                      |                    |RtlFreeHeap                            |        |
|769AD1E0|USER32.dll        |                      |                    |EnumWindows                            |        |
|769AD1CF|USER32.dll        |                      |                    |EnumWindows                            |        |
|769EC21A|USER32.dll        |                      |                    |GetRawInputDeviceInfoW                  |        |
|00861A70|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5252[16]|
|008619CC|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5236[0] |
|00C0BB3C|SmartSerialMail.exe|SSM.UI.Html.Edit.pas  |UI                  |Html.Edit.THtmlEdit.Destroy            |545[2]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00D7E564|SmartSerialMail.exe|SSM.UI.Main.pas      |UI                  |Main.TMainform.Destroy                  |798[2]  |
|77CAE813|ntdll.dll          |                      |                    |RtlEqualUnicodeString                  |        |
|77CAEFAA|ntdll.dll          |                      |                    |RtlDosApplyFileIsolationRedirection_Ustr|        |
|77CA2280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|770A74F6|KERNELBASE.dll    |                      |                    |GetErrorMode                            |        |
|770A7551|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|770A7520|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|77CAFD58|ntdll.dll          |                      |                    |LdrGetDllHandleEx                      |        |
|77CAFD4A|ntdll.dll          |                      |                    |LdrGetDllHandle                        |        |
|77CA2280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|77CB6CBE|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77CB6CC5|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77CA2280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
----------------------------------------------------------------------------------------------------------------------------

Error: (05/14/2015 11:49:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 10:35:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 00:26:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 10:05:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 06:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 05:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 10:44:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8174.45 MB
Available physical RAM: 6348.2 MB
Total Pagefile: 16347.08 MB
Available Pagefile: 14383.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:344.38 GB) NTFS
Drive e: (A1 Dashboard) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8BFD36D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1384 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 15.05.2015 20:16
Servus,



sind die "Artefakte" immer noch zu sehen? Wenn ja, in welchem Browser?





Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{1A606537-90A1-CECB-F525-BDE6F3731FFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{2D29EC40-E3D8-256C-EAFD-9CBA3425B4DE}\InprocServer32 -> No File Path
Task: {02B050B0-9891-4AC4-88F9-808B14019C33} - System32\Tasks\{D07E0C21-D1C5-431A-B3C9-F58A0BC9E625} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {18854815-8855-44EA-BD0F-CF2E97E2E7BB} - System32\Tasks\{C2AD4FF3-E4DD-4B5D-9871-3F1E41B23AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1ADADDF6-24B8-4D31-AF9E-E8390FD6C951} - System32\Tasks\{0C65CA45-4E98-41BB-8C4D-B485FF1327D8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1CB814C8-EA46-42A2-8851-17388E5B5E23} - System32\Tasks\{3987C4C2-BB85-478D-B7B4-5AD02152F3F4} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {27E11982-49A5-4D05-8F5F-7968D22FE9C0} - System32\Tasks\{E59FCAA9-6A10-48DD-BCBD-08336921E449} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {37223614-0D31-4AB9-91A8-CFEF2FD69D91} - System32\Tasks\{7B3EF58C-8B65-4F43-9E97-0C1473F0E40F} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {3B9FFA7C-BAFD-40E3-828F-4E16B6F59AB2} - System32\Tasks\{86B3287C-1F20-43FE-B0BB-939A6725BB97} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {4519F539-22D5-4AAD-B22F-3EEE3C3BE316} - System32\Tasks\{F58136A8-2DF5-4AF5-960F-F600538820C3} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {45F7CD71-1FF6-4E51-8F7B-6AC714FD6652} - System32\Tasks\{4724A133-FBDC-47B2-976E-2FF7F49383DC} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {517732E8-E166-4F26-ACC4-CB396F2040B8} - System32\Tasks\{F5539E37-1A06-4B82-B9B2-10A65AD04EA8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {539A6204-CA1C-4A53-BF7C-8036E621DC33} - System32\Tasks\{B555425E-9C5E-48B0-AC96-DD9463807AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {70198EC3-6054-42F4-B5DE-47D254BE30C2} - System32\Tasks\{73898398-0F49-459D-97CB-CD9DFEB7377A} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {75A0A118-AE81-4500-80ED-DC454D6F994D} - System32\Tasks\{AA988495-8EE2-47D0-B4D5-52FB90F2C77B} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {7FCCD65B-DEAE-4AE5-ADD9-7E6FC0B2FAE0} - System32\Tasks\{32416E6A-A660-4782-9AF2-C5FDBEC81468} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {817D84F5-787B-4731-A27C-F912AFE45012} - System32\Tasks\{BDA33A93-8B77-48AD-91DB-9C24BE586570} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {AABEF030-1A06-4782-82F2-300AC94F548D} - System32\Tasks\{228347CE-8583-4153-AD48-620BDB2D66D5} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {B028A77C-5EE3-4874-87AE-C568EF32E0E4} - System32\Tasks\{B306D38A-4B98-4A67-A155-6A8FA07C3ED0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {C22EC2F4-5051-4C88-86B0-C5E782860CA1} - System32\Tasks\{BF4587D2-730D-4626-ACDE-7D8372FAB1AD} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {CAD81C9D-E42C-4358-9CD6-C5DF69C1EC54} - System32\Tasks\{666CA076-2F51-41C5-8DAD-0D246B972A05} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {D3227F87-9F35-4019-81FC-C1F20C7262B1} - System32\Tasks\{2FBD8F12-6BC4-4DE1-8B99-AE2E21ED3FF0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {E9EC93B7-BB21-4E18-BAE0-866E9F400548} - System32\Tasks\{109AC7AD-6F58-4E75-8CB1-BC6E4A5E60AA} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {EC24FE2D-DF79-46DE-8FBC-7E2246C298FA} - System32\Tasks\{D059CC8C-452D-45F2-A916-9379F7A58F29} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F2D401A8-7AAD-4CE0-9081-4FF71D62D7D8} - System32\Tasks\{4BDD7645-B1BC-4843-ADD1-64B2F8261C36} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F724AFBA-42BB-4BE7-B290-E2633900BF65} - System32\Tasks\{7927AB28-D17C-4641-A4C2-A8A1F0ED0729} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {FD4D4B06-ACBE-4B6B-BB4E-3180F5B40ED4} - System32\Tasks\{7DAF67E2-1C65-448D-B2A2-135FF3012E74} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
AlternateDataStreams: C:\ProgramData\TEMP:7E63EC98
C:\Windows\system32\Drivers\etc\hosts
Hosts:
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

hans_t 16.05.2015 18:22
Hallo,
>Artefakte sind nur zu sehen mit Mozzila Firefox und wenn ich in Facebook eingeloggt bin!
>Wenn ich aus Facebook auslogge sind die Artefakte weg.
>Mit Internet Explorer sind in keinem Fall Artefakte.

Aber ganz zu 100% sagen kann ich es nicht, da die Artefakte nicht regelmässig auftauchen und somit das Problem nicht zuverlässig reproduzierbar ist.

Danke! lg

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by ***name*** at 2015-05-16 14:55:30 Run:1
Running from C:\Users\***name***\Desktop
Loaded Profiles: ***name*** (Available profiles: ***name***)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{1A606537-90A1-CECB-F525-BDE6F3731FFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{2D29EC40-E3D8-256C-EAFD-9CBA3425B4DE}\InprocServer32 -> No File Path
Task: {02B050B0-9891-4AC4-88F9-808B14019C33} - System32\Tasks\{D07E0C21-D1C5-431A-B3C9-F58A0BC9E625} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {18854815-8855-44EA-BD0F-CF2E97E2E7BB} - System32\Tasks\{C2AD4FF3-E4DD-4B5D-9871-3F1E41B23AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1ADADDF6-24B8-4D31-AF9E-E8390FD6C951} - System32\Tasks\{0C65CA45-4E98-41BB-8C4D-B485FF1327D8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {1CB814C8-EA46-42A2-8851-17388E5B5E23} - System32\Tasks\{3987C4C2-BB85-478D-B7B4-5AD02152F3F4} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {27E11982-49A5-4D05-8F5F-7968D22FE9C0} - System32\Tasks\{E59FCAA9-6A10-48DD-BCBD-08336921E449} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {37223614-0D31-4AB9-91A8-CFEF2FD69D91} - System32\Tasks\{7B3EF58C-8B65-4F43-9E97-0C1473F0E40F} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {3B9FFA7C-BAFD-40E3-828F-4E16B6F59AB2} - System32\Tasks\{86B3287C-1F20-43FE-B0BB-939A6725BB97} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {4519F539-22D5-4AAD-B22F-3EEE3C3BE316} - System32\Tasks\{F58136A8-2DF5-4AF5-960F-F600538820C3} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {45F7CD71-1FF6-4E51-8F7B-6AC714FD6652} - System32\Tasks\{4724A133-FBDC-47B2-976E-2FF7F49383DC} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {517732E8-E166-4F26-ACC4-CB396F2040B8} - System32\Tasks\{F5539E37-1A06-4B82-B9B2-10A65AD04EA8} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {539A6204-CA1C-4A53-BF7C-8036E621DC33} - System32\Tasks\{B555425E-9C5E-48B0-AC96-DD9463807AF1} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {70198EC3-6054-42F4-B5DE-47D254BE30C2} - System32\Tasks\{73898398-0F49-459D-97CB-CD9DFEB7377A} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {75A0A118-AE81-4500-80ED-DC454D6F994D} - System32\Tasks\{AA988495-8EE2-47D0-B4D5-52FB90F2C77B} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {7FCCD65B-DEAE-4AE5-ADD9-7E6FC0B2FAE0} - System32\Tasks\{32416E6A-A660-4782-9AF2-C5FDBEC81468} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {817D84F5-787B-4731-A27C-F912AFE45012} - System32\Tasks\{BDA33A93-8B77-48AD-91DB-9C24BE586570} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {AABEF030-1A06-4782-82F2-300AC94F548D} - System32\Tasks\{228347CE-8583-4153-AD48-620BDB2D66D5} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {B028A77C-5EE3-4874-87AE-C568EF32E0E4} - System32\Tasks\{B306D38A-4B98-4A67-A155-6A8FA07C3ED0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {C22EC2F4-5051-4C88-86B0-C5E782860CA1} - System32\Tasks\{BF4587D2-730D-4626-ACDE-7D8372FAB1AD} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {CAD81C9D-E42C-4358-9CD6-C5DF69C1EC54} - System32\Tasks\{666CA076-2F51-41C5-8DAD-0D246B972A05} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {D3227F87-9F35-4019-81FC-C1F20C7262B1} - System32\Tasks\{2FBD8F12-6BC4-4DE1-8B99-AE2E21ED3FF0} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {E9EC93B7-BB21-4E18-BAE0-866E9F400548} - System32\Tasks\{109AC7AD-6F58-4E75-8CB1-BC6E4A5E60AA} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {EC24FE2D-DF79-46DE-8FBC-7E2246C298FA} - System32\Tasks\{D059CC8C-452D-45F2-A916-9379F7A58F29} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F2D401A8-7AAD-4CE0-9081-4FF71D62D7D8} - System32\Tasks\{4BDD7645-B1BC-4843-ADD1-64B2F8261C36} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {F724AFBA-42BB-4BE7-B290-E2633900BF65} - System32\Tasks\{7927AB28-D17C-4641-A4C2-A8A1F0ED0729} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
Task: {FD4D4B06-ACBE-4B6B-BB4E-3180F5B40ED4} - System32\Tasks\{7DAF67E2-1C65-448D-B2A2-135FF3012E74} => D:\quarkxpress402\crackauf402\CNCQ402.EXE
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
AlternateDataStreams: C:\ProgramData\TEMP:7E63EC98
C:\Windows\system32\Drivers\etc\hosts
Hosts:
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{1A606537-90A1-CECB-F525-BDE6F3731FFC}" => Key deleted successfully.
"HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{2D29EC40-E3D8-256C-EAFD-9CBA3425B4DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02B050B0-9891-4AC4-88F9-808B14019C33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B050B0-9891-4AC4-88F9-808B14019C33}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D07E0C21-D1C5-431A-B3C9-F58A0BC9E625} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D07E0C21-D1C5-431A-B3C9-F58A0BC9E625}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18854815-8855-44EA-BD0F-CF2E97E2E7BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18854815-8855-44EA-BD0F-CF2E97E2E7BB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C2AD4FF3-E4DD-4B5D-9871-3F1E41B23AF1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C2AD4FF3-E4DD-4B5D-9871-3F1E41B23AF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ADADDF6-24B8-4D31-AF9E-E8390FD6C951}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ADADDF6-24B8-4D31-AF9E-E8390FD6C951}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0C65CA45-4E98-41BB-8C4D-B485FF1327D8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C65CA45-4E98-41BB-8C4D-B485FF1327D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CB814C8-EA46-42A2-8851-17388E5B5E23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CB814C8-EA46-42A2-8851-17388E5B5E23}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3987C4C2-BB85-478D-B7B4-5AD02152F3F4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3987C4C2-BB85-478D-B7B4-5AD02152F3F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27E11982-49A5-4D05-8F5F-7968D22FE9C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27E11982-49A5-4D05-8F5F-7968D22FE9C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E59FCAA9-6A10-48DD-BCBD-08336921E449} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E59FCAA9-6A10-48DD-BCBD-08336921E449}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37223614-0D31-4AB9-91A8-CFEF2FD69D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37223614-0D31-4AB9-91A8-CFEF2FD69D91}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7B3EF58C-8B65-4F43-9E97-0C1473F0E40F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B3EF58C-8B65-4F43-9E97-0C1473F0E40F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B9FFA7C-BAFD-40E3-828F-4E16B6F59AB2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B9FFA7C-BAFD-40E3-828F-4E16B6F59AB2}" => Key deleted successfully.
C:\Windows\System32\Tasks\{86B3287C-1F20-43FE-B0BB-939A6725BB97} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86B3287C-1F20-43FE-B0BB-939A6725BB97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4519F539-22D5-4AAD-B22F-3EEE3C3BE316}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4519F539-22D5-4AAD-B22F-3EEE3C3BE316}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F58136A8-2DF5-4AF5-960F-F600538820C3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F58136A8-2DF5-4AF5-960F-F600538820C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45F7CD71-1FF6-4E51-8F7B-6AC714FD6652}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45F7CD71-1FF6-4E51-8F7B-6AC714FD6652}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4724A133-FBDC-47B2-976E-2FF7F49383DC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4724A133-FBDC-47B2-976E-2FF7F49383DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{517732E8-E166-4F26-ACC4-CB396F2040B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517732E8-E166-4F26-ACC4-CB396F2040B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F5539E37-1A06-4B82-B9B2-10A65AD04EA8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F5539E37-1A06-4B82-B9B2-10A65AD04EA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{539A6204-CA1C-4A53-BF7C-8036E621DC33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{539A6204-CA1C-4A53-BF7C-8036E621DC33}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B555425E-9C5E-48B0-AC96-DD9463807AF1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B555425E-9C5E-48B0-AC96-DD9463807AF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70198EC3-6054-42F4-B5DE-47D254BE30C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70198EC3-6054-42F4-B5DE-47D254BE30C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\{73898398-0F49-459D-97CB-CD9DFEB7377A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73898398-0F49-459D-97CB-CD9DFEB7377A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75A0A118-AE81-4500-80ED-DC454D6F994D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75A0A118-AE81-4500-80ED-DC454D6F994D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AA988495-8EE2-47D0-B4D5-52FB90F2C77B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AA988495-8EE2-47D0-B4D5-52FB90F2C77B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FCCD65B-DEAE-4AE5-ADD9-7E6FC0B2FAE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FCCD65B-DEAE-4AE5-ADD9-7E6FC0B2FAE0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{32416E6A-A660-4782-9AF2-C5FDBEC81468} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32416E6A-A660-4782-9AF2-C5FDBEC81468}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{817D84F5-787B-4731-A27C-F912AFE45012}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817D84F5-787B-4731-A27C-F912AFE45012}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BDA33A93-8B77-48AD-91DB-9C24BE586570} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BDA33A93-8B77-48AD-91DB-9C24BE586570}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AABEF030-1A06-4782-82F2-300AC94F548D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AABEF030-1A06-4782-82F2-300AC94F548D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{228347CE-8583-4153-AD48-620BDB2D66D5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{228347CE-8583-4153-AD48-620BDB2D66D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B028A77C-5EE3-4874-87AE-C568EF32E0E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B028A77C-5EE3-4874-87AE-C568EF32E0E4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B306D38A-4B98-4A67-A155-6A8FA07C3ED0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B306D38A-4B98-4A67-A155-6A8FA07C3ED0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C22EC2F4-5051-4C88-86B0-C5E782860CA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C22EC2F4-5051-4C88-86B0-C5E782860CA1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BF4587D2-730D-4626-ACDE-7D8372FAB1AD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF4587D2-730D-4626-ACDE-7D8372FAB1AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAD81C9D-E42C-4358-9CD6-C5DF69C1EC54}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAD81C9D-E42C-4358-9CD6-C5DF69C1EC54}" => Key deleted successfully.
C:\Windows\System32\Tasks\{666CA076-2F51-41C5-8DAD-0D246B972A05} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{666CA076-2F51-41C5-8DAD-0D246B972A05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3227F87-9F35-4019-81FC-C1F20C7262B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3227F87-9F35-4019-81FC-C1F20C7262B1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2FBD8F12-6BC4-4DE1-8B99-AE2E21ED3FF0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2FBD8F12-6BC4-4DE1-8B99-AE2E21ED3FF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9EC93B7-BB21-4E18-BAE0-866E9F400548}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9EC93B7-BB21-4E18-BAE0-866E9F400548}" => Key deleted successfully.
C:\Windows\System32\Tasks\{109AC7AD-6F58-4E75-8CB1-BC6E4A5E60AA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{109AC7AD-6F58-4E75-8CB1-BC6E4A5E60AA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC24FE2D-DF79-46DE-8FBC-7E2246C298FA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC24FE2D-DF79-46DE-8FBC-7E2246C298FA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D059CC8C-452D-45F2-A916-9379F7A58F29} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D059CC8C-452D-45F2-A916-9379F7A58F29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2D401A8-7AAD-4CE0-9081-4FF71D62D7D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2D401A8-7AAD-4CE0-9081-4FF71D62D7D8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4BDD7645-B1BC-4843-ADD1-64B2F8261C36} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4BDD7645-B1BC-4843-ADD1-64B2F8261C36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F724AFBA-42BB-4BE7-B290-E2633900BF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F724AFBA-42BB-4BE7-B290-E2633900BF65}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7927AB28-D17C-4641-A4C2-A8A1F0ED0729} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7927AB28-D17C-4641-A4C2-A8A1F0ED0729}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD4D4B06-ACBE-4B6B-BB4E-3180F5B40ED4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4D4B06-ACBE-4B6B-BB4E-3180F5B40ED4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7DAF67E2-1C65-448D-B2A2-135FF3012E74} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DAF67E2-1C65-448D-B2A2-135FF3012E74}" => Key deleted successfully.
C:\ProgramData\TEMP => ":5F64C164" ADS removed successfully.
C:\ProgramData\TEMP => ":7E63EC98" ADS removed successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 924.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:58:38 ====

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=45c2c95fdaa9e14d92a2ff6837c98f3c
# engine=23879
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 01:16:08
# local_time=2015-05-16 03:16:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 163507 54762562 0 0
# scanned=529
# found=0
# cleaned=0
# scan_time=134
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=45c2c95fdaa9e14d92a2ff6837c98f3c
# engine=23879
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 04:56:19
# local_time=2015-05-16 06:56:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 176718 54775773 0 0
# scanned=527972
# found=3
# cleaned=0
# scan_time=13037
sh=1AC776C7B5533F399E481EE6E338FDE04F2A0CDD ft=1 fh=a6a51f66a26a47cf vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=AAD6F1CAA5C35AEEFCFBE646FB5093D2FB559AEC ft=1 fh=2ca4112e4b89bd5a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\ashampoo_burning_studio_elements_10.0.9_8678.exe"
sh=AAD6F1CAA5C35AEEFCFBE646FB5093D2FB559AEC ft=1 fh=2ca4112e4b89bd5a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\A_Eigene Dateien\Programme installations dateien\ashampoo_burning_studio_elements_10.0.9_8678.exe"

Code:
Results of screen317's Security Check version 1.001 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 AVS Registry Cleaner version 2.2
 Adobe Flash Player 17.0.0.134 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Mozilla Firefox (37.0.2)
 Mozilla Thunderbird (31.6.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 17.05.2015 12:28
Servus,



FF :::
setze bitte Firefox wie folgt zurück:
Firefox zurücksetzen



  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

hans_t 17.05.2015 12:58

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by ***name*** (administrator) on DELLXPS_8300 on 17-05-2015 13:53:37
Running from C:\Users\***name***\Desktop
Loaded Profiles: ***name*** (Available profiles: ***name***)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-

recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files

(x86)\A1 Dashboard\Dashboard.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application

\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek

Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft

Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA

\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304

2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application

\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28]

(Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056

2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support

\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [ACDSeeCommanderUltimate8] => C:\Program

Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2061832 2015-02-04] ()
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: {7016cca5-fb07-11e0-a09c-

fe958973f057} - E:\Autorun.exe
Startup: C:\Users\***name***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A1 Dashboard.lnk

[2011-10-21]
ShortcutTarget: A1 Dashboard.lnk -> C:\Program Files (x86)\A1 Dashboard\Dashboard.exe (mquadr.at software

engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer\Main,Start Page =

about:blank
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer

\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files

(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
Handler-x32: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files (x86)\Common Files\Microsoft

Shared\Encarta Researcher\MSERO.DLL [2001-08-09] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found

FireFox:
========
FF ProfilePath: C:\Users\***name***\AppData\Roaming\Mozilla\Firefox\Profiles\nqjvyle3.default-1431863465341
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-

16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities

\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

[2015-03-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-

05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010

-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update

\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update

\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16]

(Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft

Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2002-01-09] (Macromedia,

Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-16] (Apple Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed

separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom

Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher

\FNPLicensingService.exe [651720 2013-04-01] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14]

(Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14]

(Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed

separately.)

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co.,

Ltd.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File

not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-17] (Malwarebytes

Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be

moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 13:53 - 2015-05-17 13:53 - 00014994 _____ () C:\Users\***name***\Desktop\FRST.txt
2015-05-17 13:51 - 2015-05-17 13:51 - 00000000 ____D () C:\Users\***name***\Desktop\Alte Firefox-Daten
2015-05-17 01:17 - 2015-05-17 01:17 - 00000074 _____ () C:\Windows\nepal_02.INI
2015-05-16 19:19 - 2015-05-16 19:19 - 00000901 _____ () C:\Users\***name***\Desktop\checkup.txt
2015-05-16 19:15 - 2015-05-16 19:15 - 00852630 _____ () C:\Users\***name***\Desktop\SecurityCheck.exe
2015-05-16 15:29 - 2015-05-16 15:30 - 00000374 _____ () C:\Users\***name***\Desktop\antwort.txt
2015-05-16 15:04 - 2015-05-16 15:04 - 02347384 _____ (ESET) C:\Users\***name***\Desktop

\esetsmartinstaller_deu.exe
2015-05-16 14:55 - 2015-05-16 14:55 - 00000000 ____D () C:\Users\***name***\Desktop\FRST-OlderVersion
2015-05-15 17:19 - 2015-05-15 17:19 - 00000000 ____D () C:\Users\***name***\Documents\AV Stumpfl
2015-05-14 20:58 - 2015-05-14 21:03 - 00053052 _____ () C:\Users\***name***\Desktop\Addition.txt
2015-05-14 20:57 - 2015-05-14 21:03 - 00061010 _____ () C:\Users\***name***\Desktop\FRST.txt.txt
2015-05-14 20:54 - 2015-05-14 21:02 - 00000869 _____ () C:\Users\***name***\Desktop\JRT.txt
2015-05-14 20:53 - 2015-05-14 20:53 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELLXPS_8300-

Windows-7-Home-Premium-(64-bit).dat
2015-05-14 20:53 - 2015-05-14 20:53 - 00000000 ____D () C:\RegBackup
2015-05-14 20:51 - 2015-05-14 20:51 - 02721175 _____ (Thisisu) C:\Users\***name***\Desktop\JRT.exe
2015-05-14 20:48 - 2015-05-14 21:01 - 00001214 _____ () C:\Users\***name***\Desktop\mbam.txt
2015-05-14 20:31 - 2015-05-14 21:01 - 00006336 _____ () C:\Users\***name***\Desktop\1. AdwCleaner[S0].txt
2015-05-14 20:25 - 2015-05-14 20:26 - 00000000 ____D () C:\AdwCleaner
2015-05-14 20:23 - 2015-05-14 20:23 - 02209792 _____ () C:\Users\***name***\Desktop\AdwCleaner_4.204.exe
2015-05-14 18:02 - 2015-05-17 12:12 - 00001236 _____ () C:\Windows\PFRO.log
2015-05-14 18:02 - 2015-05-17 12:12 - 00001176 _____ () C:\Windows\setupact.log
2015-05-14 18:02 - 2015-05-14 18:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 17:32 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows

\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:32 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:25 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-14 17:25 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-14 17:25 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-14 17:24 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-14 17:24 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers

\mountmgr.sys
2015-05-14 17:24 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-14 17:24 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows

\system32\setbcdlocale.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-14 17:24 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-14 17:24 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows

\system32\appidpolicyconverter.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows

\system32\appidcertstorecheck.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-14 17:24 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-14 17:24 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-14 17:24 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers

\PEAuth.sys
2015-05-14 17:24 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\wmdrmsdk.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\AUDIOKSE.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\AudioEng.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\AudioSes.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-14 17:24 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-14 17:24 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-14 17:24 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\rrinstaller.exe
2015-05-14 17:24 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-14 17:24 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-14 17:24 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers

\appid.sys
2015-05-14 17:24 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-14 17:24 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-14 17:24 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-14 17:23 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 17:23 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 17:23 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 17:23 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 17:23 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 17:23 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwcollectorres.dll
2015-05-14 17:23 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 17:23 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 17:23 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 17:23 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwproxystub.dll
2015-05-14 17:23 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 17:23 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 17:23 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 17:23 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 17:23 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 17:23 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 17:23 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 17:23 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows

\system32\ieetwcollector.exe
2015-05-14 17:23 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 17:23 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 17:23 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows

\system32\MsSpellCheckingFacility.exe
2015-05-14 17:23 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 17:23 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 17:23 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 17:23 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows

\system32\JavaScriptCollectionAgent.dll
2015-05-14 17:23 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 17:23 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 17:23 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\ieetwproxystub.dll
2015-05-14 17:23 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 17:23 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 17:23 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 17:23 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\MshtmlDac.dll
2015-05-14 17:23 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 17:23 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 17:23 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 17:23 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 17:23 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 17:23 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 17:23 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 17:23 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\jscript9diag.dll
2015-05-14 17:23 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 17:23 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 17:23 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 17:23 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows

\system32\mshtmlmedia.dll
2015-05-14 17:23 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 17:23 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 17:23 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 17:23 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 17:23 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 17:23 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 17:23 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 17:23 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 17:23 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 17:23 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 17:23 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\mshtmlmedia.dll
2015-05-14 17:23 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 17:23 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 17:23 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 17:23 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 17:23 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 17:23 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 17:23 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 17:23 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 17:23 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 17:23 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 17:23 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 17:23 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 17:23 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 17:23 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows

\system32\apisetschema.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

security-base-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-file-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-threadpool-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-processthreads-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-sysinfo-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-synch-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-localregistry-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-localization-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-rtlsupport-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-processenvironment-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-namedpipe-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-misc-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-memory-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-libraryloader-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-heap-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-xstate-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-util-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-string-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-profile-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-io-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-interlocked-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-handle-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-fibers-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-errorhandling-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-delayload-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-debug-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-datetime-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-

core-console-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 17:23 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 17:23 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 17:23 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 17:23 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\KernelBase.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 17:23 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\apisetschema.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-file-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-processthreads-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-sysinfo-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-synch-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-misc-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-localregistry-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-localization-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-processenvironment-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-namedpipe-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-memory-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-libraryloader-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-interlocked-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-heap-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-string-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-rtlsupport-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-profile-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-io-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-handle-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-fibers-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-errorhandling-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-delayload-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-debug-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-datetime-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-console-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 17:23 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 17:23 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-security-base-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-threadpool-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-xstate-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-

win-core-util-l1-1-0.dll
2015-05-14 17:23 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows

\system32\WindowsCodecs.dll
2015-05-14 17:23 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\WindowsCodecs.dll
2015-05-14 17:23 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 17:22 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 17:22 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 17:22 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 17:22 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 17:22 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 17:22 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 17:22 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 17:22 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 17:22 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 17:22 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers

\ksecpkg.sys
2015-05-14 17:22 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers

\ksecdd.sys
2015-05-14 17:22 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 17:22 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 17:22 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 17:22 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 17:22 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 17:22 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 17:22 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 17:22 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 17:22 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 17:22 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 17:22 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\adtschema.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-14 17:22 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-14 17:22 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-14 17:22 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows

\system32\wu.upgrade.ps.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-14 17:22 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-14 17:22 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-14 17:22 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-14 17:22 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-14 17:22 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-14 17:21 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 17:21 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-14 17:21 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-14 17:21 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-14 17:21 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\dciman32.dll
2015-05-14 17:21 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-14 17:21 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows

\system32\atmfd.dll
2015-05-14 17:21 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows

\SysWOW64\atmfd.dll
2015-05-14 17:21 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\poqexec.exe
2015-05-14 17:21 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 17:21 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-14 17:21 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-14 17:21 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-14 17:21 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-14 17:21 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers

\mrxdav.sys
2015-05-14 17:21 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-14 17:21 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-14 17:21 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-14 17:21 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-14 17:21 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-14 17:21 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-14 17:19 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-14 17:18 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-14 17:18 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-14 17:18 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-14 17:18 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-14 17:16 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-14 17:16 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-14 17:16 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-14 17:16 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-14 17:16 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\WMPhoto.dll
2015-05-14 11:46 - 2015-05-14 11:46 - 553480765 _____ () C:\Windows\MEMORY.DMP
2015-05-14 11:46 - 2015-05-14 11:46 - 00373400 _____ () C:\Windows\Minidump\051415-27440-01.dmp
2015-05-13 23:50 - 2015-05-14 20:18 - 00000000 ___RD () C:\Users\***name***\Dropbox
2015-05-13 23:39 - 2015-05-17 13:53 - 00000000 ____D () C:\FRST
2015-05-13 23:38 - 2015-05-16 14:55 - 02107392 _____ (Farbar) C:\Users\***name***\Desktop\FRST64.exe
2015-05-13 23:29 - 2015-05-13 23:44 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Nico Mak

Computing
2015-05-13 23:04 - 2015-05-14 02:04 - 00000000 ____D () C:\Users\***name***\Desktop\artefakte
2015-05-11 17:00 - 2015-05-11 20:32 - 00000074 _____ () C:\Windows\nepal_01.INI
2015-05-04 12:46 - 2015-05-17 13:42 - 00000000 ____D () C:\Users\***name***\Desktop\nepal benefiz
2015-05-02 01:48 - 2015-05-02 04:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 13:26 - 2012-04-27 20:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 13:11 - 2014-06-11 03:09 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-17 12:26 - 2012-04-27 20:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 12:21 - 2012-04-27 20:03 - 00004106 _____ () C:\Windows\System32\Tasks

\GoogleUpdateTaskMachineUA
2015-05-17 12:21 - 2012-04-27 20:03 - 00003854 _____ () C:\Windows\System32\Tasks

\GoogleUpdateTaskMachineCore
2015-05-17 12:20 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-

9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 12:20 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-

9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 12:15 - 2011-10-20 12:19 - 01190203 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 12:13 - 2014-12-03 17:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers

\MBAMSwissArmy.sys
2015-05-17 12:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-16 20:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-16 19:45 - 2014-09-30 22:00 - 00000000 ____D () C:\Users\***name***\.razor
2015-05-16 15:05 - 2011-10-20 22:13 - 00699088 _____ () C:\Windows\system32\perfh007.dat
2015-05-16 15:05 - 2011-10-20 22:13 - 00149228 _____ () C:\Windows\system32\perfc007.dat
2015-05-16 15:05 - 2009-07-14 07:13 - 01619264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 17:36 - 2013-12-21 06:41 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\MediaMonkey
2015-05-15 12:38 - 2015-03-19 12:40 - 00000000 ____D () C:\Users\***name***\Desktop\neue medien
2015-05-14 22:23 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Windows Media Player.lnk
2015-05-14 21:28 - 2012-04-01 21:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-14 18:07 - 2014-06-11 13:33 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Dropbox
2015-05-14 18:04 - 2013-04-29 09:44 - 05208280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-14 17:55 - 2011-10-20 18:30 - 01591928 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-14 17:51 - 2014-12-03 17:29 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Microsoft Security Essentials.lnk
2015-05-14 17:51 - 2014-12-03 17:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 17:51 - 2014-12-03 17:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 17:51 - 2011-10-20 18:31 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-14 17:44 - 2011-10-20 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Microsoft Office
2015-05-14 17:43 - 2013-12-17 05:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 11:46 - 2013-02-07 16:12 - 00000000 ____D () C:\Windows\Minidump
2015-05-14 01:18 - 2014-06-11 13:36 - 00001002 _____ () C:\Users\***name***\Desktop\Dropbox.lnk
2015-05-14 01:18 - 2014-06-11 13:35 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Microsoft\Windows

\Start Menu\Programs\Dropbox
2015-05-13 23:50 - 2011-10-20 12:30 - 00000000 ____D () C:\Users\***name***
2015-05-13 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-13 21:41 - 2014-12-03 17:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Malwarebytes Anti-Malware
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-11 14:06 - 2015-03-29 04:51 - 00000000 ____D () C:\Users\***name***\AppData\Local\ACD Systems
2015-05-03 23:18 - 2015-03-29 04:53 - 00000000 ____D () C:\Users\***name***\AppData\Local\Adobe
2015-05-02 04:08 - 2011-10-20 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-02 04:06 - 2011-10-20 17:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-30 10:07 - 2012-04-27 20:22 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-07-26 18:23 - 2014-07-26 18:23 - 0000003 _____ () C:\Users\***name***\AppData\Roaming\CheckWinVer.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0099384 _____ () C:\Users\***name***\AppData\Roaming\inst.exe
2012-12-29 01:11 - 2012-12-29 01:11 - 0007859 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.cat
2012-12-29 01:11 - 2012-12-29 01:11 - 0001167 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.inf
2012-12-29 01:12 - 2012-12-29 01:12 - 0000034 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0082816 _____ (VSO Software) C:\Users\***name***\AppData\Roaming

\pcouffin.sys
2011-10-21 03:42 - 2013-04-02 01:54 - 0073728 _____ () C:\Users\***name***\AppData\Local\DCBC2A71-70D8-

4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-21 03:05 - 2014-08-07 19:21 - 0007672 _____ () C:\Users\***name***\AppData\Local\Resmon.ResmonCfg
2014-12-23 21:44 - 2014-12-23 21:44 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0014]-[p22].bmp
2014-12-23 21:55 - 2014-12-23 21:56 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0015]-[p22].bmp
2014-12-23 22:06 - 2014-12-23 22:06 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0016]-[p68].bmp
2015-02-17 17:33 - 2015-02-17 17:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-10-20 22:28 - 2015-02-17 13:21 - 0010102 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 20:35

==================== End Of Log ============================
--- --- ---

hans_t 17.05.2015 12:59
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by ***name*** at 2015-05-17 13:54:06
Running from C:\Users\***name***\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3213465492-3622994428-3788502651-500 - Administrator - Disabled)
Gast (S-1-5-21-3213465492-3622994428-3788502651-501 - Limited - Disabled)
***name*** (S-1-5-21-3213465492-3622994428-3788502651-1000 - Administrator - Enabled) => C:\Users\***name***

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should

be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
A1 Dashboard (HKLM-x32\...\A1 Dashboard) (Version: 1.15.1.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.15.1.0 - A1 Telekom Austria AG) Hidden
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
ACDSee Ultimate 8 (64-bit) (HKLM\...\{DFD09008-75B2-49AB-A1D1-AEE552B3FD11}) (Version: 8.1.1.386 - ACD

Systems International Inc.)
ACDSee Video Converter Pro 4.1 (HKLM-x32\...\ACDSee_acdVCPro) (Version: 4.1.0.166 - ACD Systems International

Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems

Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems

Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 -

Adobe Systems Incorporated)
Alpenvereinskarten digital (HKLM-x32\...\Alpenvereinskarten digital) (Version:  - )
AMap Fly 5.0 (HKLM-x32\...\{D5647409-6423-426C-AA3A-D0F703A52677}) (Version: 6.6.0.0000 - EADS Deutschland

GmbH)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple

Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 -

Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{74000F25-9A0A-B837-215D-7DFCD5641514}) (Version: 3.0.795.0 - ATI

Technologies, Inc.)
AV Stumpfl Wings (HKLM-x32\...\AV Stumpfl Wings (V 5.9.0)) (Version: 5.9.0 - AV Stumpfl)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version:  - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video ReMaker 4.0.8.140 (HKLM-x32\...\AVS Video ReMaker_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media

Technologies Ltd.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-

AC6570697858}) (Version: 14.2.4.1 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0930.2237.38732 - Ihr Firmenname) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version:

12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Freizeitkarte_AUT+ (Ausgabe 14.03) (HKLM-x32\...\Freizeitkarte_AUT+) (Version:  - )
Freizeitkarte_TUR (Ausgabe 14.06) (HKLM-x32\...\Freizeitkarte_TUR) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{BC8E822D-0C54-4426-B7D3-876CFC47EFEC}) (Version: 4.4.4 - Garmin Ltd or its

subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or

its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or

its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its

subsidiaries)
Geogrid®-Viewer (x32 Version: 6.6.0.0000 - EADS Deutschland GmbH) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{5C519C69-AC39-40D0-9FF3-

1F3FEE4640B2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett

Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-

Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version:

7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LMSOFT Web Creator Pro 6 (HKLM-x32\...\Web Creator Pro 6) (Version:  - )
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 -

Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709

- Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} -

1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta Professional 2003 (HKLM-x32\...\{034400C0-3975-4267-9F39-1DC4745090B7}) (Version: 2003 -

Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version:

14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 -

Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version:

11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version:

8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version:

8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version:

8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version:

8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-

13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-

5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-

22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-

8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-

21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-

725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-

87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-

6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-

68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 -

Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 -

Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version:

4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MyFreeCodec) (Version:  - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-

37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
ODBC (HKLM-x32\...\ODBC) (Version:  - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 -

OLYMPUS IMAGING CORP.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:

6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 -

Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version:

1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 -

SafeNet, Inc.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
SmartSerialMail V5.1.3 (HKLM-x32\...\SmartSerialMail_is1) (Version: 5.1.3 - JAM Software)
svBuilder (HKLM-x32\...\svBuilder) (Version: 2.3.2 - SimpleViewer Inc)
svBuilder (x32 Version: 2.3.2 - SimpleViewer Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...

\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version:

1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)

(HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING

CORP.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{005A3A96-BAC4-

4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{ECD97DE5-3C8F-

4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin

\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314ED9-A251-47B7

-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

(Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDA-A251-47B7

-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

(Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDB-A251-47B7

-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

(Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDC-A251-

47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin

\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDD-A251-

47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin

\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDE-A251-47B7

-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

(Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDF-A251-47B7

-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

(Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EE0-A251-47B7

-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

(Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-16 14:55 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be

moved.)

Task: {11E2C7E6-02CD-4B85-AD29-8EBB660E3679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:

\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {130EDC82-D009-434F-8AF3-8702AD2BD7F0} - System32\Tasks\{1FEA43D4-DD32-4112-B9EF-

C89847CF4787} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {1A9527C9-E4AD-4DAE-9ED4-AD68F32DADC9} - System32\Tasks\{25C374D8-51D2-43E3-880D-

3A07DE8FE227} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {22E2C234-F23F-4A36-BDCD-18CCBFF35A3B} - System32\Tasks\{483BF32D-19AC-44F1-8881-

B4F3D27D225A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {279A21EA-BCEE-4F5D-90B8-BABCB0BC859A} - System32\Tasks\{38496090-C565-42B3-97D0-

A628DC006B82} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {28B19B62-D270-4B86-8076-47B68F874D7C} - System32\Tasks\{DF945111-70CA-469B-A348-

4CE9861E4E50} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {2E3B053A-64CA-4770-8EF9-3D7A0E24EE7B} - System32\Tasks\{50C68E2D-62AD-4929-9AA9-

20256918F156} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {2F789BE8-B0E0-4B47-B95E-28CED0269CDF} - System32\Tasks\{F5CB5B8D-646B-46FA-9222-

ABB9A3C7FC1F} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {313645A3-CADF-4491-86AF-9E82E3A5D736} - System32\Tasks\{A7B27D28-AB55-450A-AF53-

87685E764915} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {33A53B10-7D93-4C0B-A459-51EDD7509B99} - System32\Tasks\{8F2175A3-39ED-412C-B6B5-

E21FAABF6B74} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {36E09EC4-F04C-4E81-B25B-A09E8BC72142} - System32\Tasks\{554AEC8D-2C04-4BB4-A67A-

9C1F5BE2D62B} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {3B199697-E8EC-4A98-A79D-09FE95EEED04} - System32\Tasks\hpUrlLauncher.exe_{A558F23D-DFFF-

402A-AC04-4969ADA7A967} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22]

(Hewlett-Packard Development Company, LP)
Task: {45F2AC92-99B1-4B95-9B11-0E5DC107B207} - System32\Tasks\{3C85C242-DA6A-43C1-8887-

F5A8E1F2257C} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {5164CFA8-A946-4905-A424-E66EB307E913} - System32\Tasks\{51843A71-A9CB-4FEE-8833-

950C1A16ED52} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {53B3239E-A146-4614-BC3F-C986B9E747AE} - System32\Tasks\{8167160D-7A31-486E-A36C-

762166D7F30D} => pcalua.exe -a "K:\tray backup.exe" -d K:\
Task: {5A0BDCA0-1E22-47CA-9CE6-007A9E49C380} - System32\Tasks\{4A686B65-891D-4EFE-84BC-

41DBC41195D0} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {634E3A81-0AD7-4929-910F-67A87C72599B} - System32\Tasks\{0BA9B6CB-A377-4802-A89B-

A3FB75BD6DBA} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {6D0F9806-7B46-4DD2-80BA-7EA8837A9BCD} - System32\Tasks\{3E5165E2-4BC9-459F-B932-

D13C9FCA1C63} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {6E9B0248-0D67-4579-A491-F95A55D96ACF} - System32\Tasks\{CD21EC92-0374-45AF-BF92-

9F19AFBC43EB} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {963FD547-9465-45BD-BACB-E8AD19941B07} - System32\Tasks\{1493D980-8E5B-4519-9043-

57BC225C1086} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {98735C27-3CE5-4D32-8AC2-75E5D24D57AD} - System32\Tasks\{23EDC648-ED8D-4B05-A331-

292C118D6086} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {9E73144E-2A24-4493-AE1F-D2529EF66566} - System32\Tasks\{E56BC32D-65B6-4827-AF2B-

2B39448F5D4A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AB6A4D83-97B1-4273-B236-5C3E20EE5DB2} - System32\Tasks\{1172F15B-DDE5-4E45-84E4-

1CD7BB24F259} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {ACFFEFE8-419F-47BA-A6D8-A240CE0C6187} - System32\Tasks\{1A3377AE-1094-42B5-B72C-

E0985785933B} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AF2C240E-995A-481F-9B64-6163841CC745} - System32\Tasks\{B2F8CBF8-5B51-4F71-83A6-

AEAF8910D9E6} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B251BD8F-9BA8-49DB-BB76-BCE70C9A5A4F} - System32\Tasks\{4868EAC3-E0C9-4267-BE34-

1BE206397DD0} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B7F24BA5-155B-4360-BAA6-361241ACE069} - System32\Tasks\{F0A209F7-2C0E-485A-BAD4-

A729ADDE2B24} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B91FFCDB-E6CE-411E-9812-BD16D04B009F} - System32\Tasks\{7196370E-77F5-4FB8-B633-

2DE26324FB56} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {D3FED5A5-BE92-4A9C-893B-82EE451F3BE5} - System32\Tasks\Microsoft\Windows\Media Center

\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D6AF886E-A8BE-4672-BFE5-4B31A8763F40} - System32\Tasks\{0097006A-6CB3-4E76-AC8F-

27D4A4CDCA8E} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {D814276E-4162-46B0-8A99-087614276940} - System32\Tasks\{FE6C2B63-2455-41E1-A53F-

026C169CAF94} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {D85225B2-1656-4332-8E1F-F2F7A6F37831} - System32\Tasks\{5AB9579A-8732-4A8D-A399-

51CB363A3994} => C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe

Gamma Loader.exe
Task: {D8ACFAED-F069-4656-AD76-DF5892646DA4} - System32\Tasks\{DD76B277-84D4-42FD-9F80-

AC6744C50090} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {DC864D60-02A3-466D-9E87-FCCA23387F69} - System32\Tasks\{16395E5E-A1C7-4689-ABF9-

80FA03E00808} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {DDE01C0A-F955-4C74-AB16-F8AEFB771CBF} - System32\Tasks\{91AA85FB-002E-4F88-BC90-

89412590E8EE} => pcalua.exe -a "C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\web

creator pro 5\WC5ProInstall200.EXE" -d "C:\Users\***name***\A_Eigene Dateien\Programme installations dateien\web

creator pro 5"
Task: {E81E7297-BD44-4440-BEB4-641D0E14E724} - System32\Tasks\{9E189C0A-E6BF-4088-99CF-

2F0C1BE695D7} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {EA72CE08-B2C2-4924-B89A-2FF804C49349} - System32\Tasks\{190648A2-E50A-48B5-A38F-

D30967DA27B1} => C:\Users\***name***\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup

\SETUP.EXE
Task: {F67C5D37-16BE-44AF-B08D-0262B2725AE4} - System32\Tasks\hpUrlLauncher.exe_{E6CEA810-0FE6-47D8

-9A3A-522506D50EDE} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22]

(Hewlett-Packard Development Company, LP)
Task: {FDE70701-DEAE-414B-AC26-A8BE4D5518AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:

\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-02-04 12:02 - 2015-02-04 12:02 - 02061832 _____ () C:\Program Files\ACD Systems\ACDSee Ultimate

\8.0\ACDSeeCommanderUltimate8.exe
2010-08-26 16:08 - 2010-08-26 16:08 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding

\Branding.dll
2010-09-30 22:36 - 2010-09-30 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-

Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-19 19:32 - 2010-08-19 19:32 - 00086016 _____ () C:\Program Files (x86)\A1 Dashboard\resetregistry.dll
2011-04-18 09:16 - 2011-04-18 09:16 - 01421824 _____ () C:\Program Files (x86)\A1 Dashboard\Skins

\A1\A1Skin.dbskin
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:7E63EC98

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***name***

\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ACPW05DE => "C:\Program Files (x86)\ACD Systems\ACDSee Pro

\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA

\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SmartSerialMail Versand => C:\Program Files (x86)\JAM Software\SmartSerialMail

\SmartSerialMailServiceApp.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{3091EE42-36DE-454F-9350-B91F7C7545F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpqtra08.exe
FirewallRules: [{BDB8FFC4-E434-4D27-96D8-3E83121216F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpqste08.exe
FirewallRules: [{0D7A4497-79A8-4926-B61F-4FC58063362C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hposid01.exe
FirewallRules: [{82096AA0-42FD-40DC-AB4C-6FC9CF6BC619}] => (Allow) C:\Program Files (x86)\HP\Digital

Imaging\bin\hpqkygrp.exe
FirewallRules: [{92F0F32B-42B2-49F6-BA18-18DE806FF4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpfccopy.exe
FirewallRules: [{BAC352A7-5851-4EB0-8B7E-D8635AB8C7C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpoews01.exe
FirewallRules: [{225DA7FE-0DD6-4BDB-B6F4-74825F8E1C4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpiscnapp.exe
FirewallRules: [{C8ACA1A2-3F92-4D58-8E78-9C50B7D8F46F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpqgplgtupl.exe
FirewallRules: [{AAE908A1-4D97-4DFC-903B-8629FC75CB92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpqgpc01.exe
FirewallRules: [{C680AF17-AFBA-4223-9B43-433DF42019BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpqusgm.exe
FirewallRules: [{49E2C73A-7E4A-4484-8FE5-3995F5A9333E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging

\bin\hpqusgh.exe
FirewallRules: [TCP Query User{8669B727-76C7-48B4-A5DF-1E142DE6E8AB}C:\program files (x86)\mozilla firefox

\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{C0C25388-CB6D-4FEE-9630-A02A79C9BA5C}C:\program files (x86)\mozilla firefox

\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{C511E6DB-5FBD-4EEB-8F02-94E3CD8B8EC6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{87DEF01C-F0E9-48E9-A025-AD835CB86C19}C:\program files (x86)\av stumpfl\wings

5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [UDP Query User{A7CF7E79-4AF5-4F09-B545-6D1DA113AB6F}C:\program files (x86)\av stumpfl\wings

5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [TCP Query User{EC4CCCE1-D7F7-4D9D-9ADD-E3D54696FD2D}C:\program files (x86)\av stumpfl

\wings 5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [UDP Query User{E7994D36-A4A7-4238-8898-85C4415F1F1F}C:\program files (x86)\av stumpfl\wings

5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{EA32D7AF-9261-4B85-9E88-5623BBCCF6EF}] => (Block) C:\program files (x86)\av stumpfl\wings

5\wings5.exe
FirewallRules: [{C9D11AF4-1C7C-4679-8EEA-83B532B188F7}] => (Block) C:\program files (x86)\av stumpfl\wings

5\wings5.exe
FirewallRules: [{F2450001-372F-4FA7-AB29-37360499B565}] => (Allow) C:\Program Files (x86)\Common Files\Apple

\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6FA9C52A-B68B-414B-8B31-B1829890FAA1}] => (Allow) C:\Program Files (x86)\JAM Software

\SmartSerialMail\SmartSerialMail.exe
FirewallRules: [{E645DC52-F34A-4FD8-855B-8ACC53E41819}] => (Allow) C:\Program Files (x86)\JAM Software

\SmartSerialMail\SmartSerialMailServiceApp.exe
FirewallRules: [{38B74D08-8ED5-48AE-9E54-F8E2DD5C635F}] => (Allow) C:\Program Files (x86)\Common Files\JAM

Software\SpamAssassin\spamd.exe
FirewallRules: [TCP Query User{6F04F8A5-4214-4A61-8E58-8539547CF495}C:\program files (x86)\av stumpfl\wings

uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [UDP Query User{0E6DE58A-24C2-4174-9956-62C5AA8A3AFA}C:\program files (x86)\av stumpfl\wings

uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [{7082D1E7-57DB-450D-B19B-C144ED8ED3F5}] => (Allow) C:\Users\***name***\AppData\Roaming

\Dropbox\bin\Dropbox.exe
FirewallRules: [{8DEBED6A-3A39-433A-94B4-06B8E46D6BC8}] => (Allow) C:\Users\***name***\AppData\Roaming

\Dropbox\bin\Dropbox.exe
FirewallRules: [{B62CD113-8EB4-4C39-B702-A1D596B04C4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox

\firefox.exe
FirewallRules: [{3ED69F24-18B6-4BA7-BB06-562B345949C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox

\firefox.exe
FirewallRules: [{EABF833B-A963-4F00-A848-28B049CA8526}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series

\Bin\DeviceSetup.exe
FirewallRules: [{498C015F-DD6C-48BA-BC9F-535FE40A38BD}] => (Allow) LPort=5357
FirewallRules: [{919E4D0E-7E48-4EF4-BF89-AEFC2A213951}] => (Allow) C:\Program Files\HP\HP ENVY 4500

series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{8500565B-434D-4211-A055-1D2B9467F3E4}C:\program files (x86)\mozilla firefox

\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DCDE6386-1151-408F-A28D-42B35E4696E2}C:\program files (x86)\mozilla firefox

\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 00:12:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wings5.exe, Version: 5.9.0.0, Zeitstempel: 0x5476e8ea
Name des fehlerhaften Moduls: Wings5.exe, Version: 5.9.0.0, Zeitstempel: 0x5476e8ea
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000fec99
ID des fehlerhaften Prozesses: 0xe3c
Startzeit der fehlerhaften Anwendung: 0xWings5.exe0
Pfad der fehlerhaften Anwendung: Wings5.exe1
Pfad des fehlerhaften Moduls: Wings5.exe2
Berichtskennung: Wings5.exe3

Error: (05/16/2015 10:36:25 PM) (Source: SmartSerialMail) (EventID: 0) (User: DellXPS_8300)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 00563453 in module 'SmartSerialMail.exe'. Read of address

00000010
----------------------------------------------------------------------------------------------------------------------------
|Adresse |Modul              |Einheit              |Klasse              |Prozedur/Methode                        |Linie  |
----------------------------------------------------------------------------------------------------------------------------
|009FD3B7|SmartSerialMail.exe|SSM.UI.Ribbon.pas    |UI                  |Ribbon.TBoogieRibbonForm.CreateParams  |280

[1]  |
|7737E01E|ntdll.dll          |                      |                    |RtlFreeHeap                            |        |
|7696D1E0|USER32.dll        |                      |                    |EnumWindows                            |        |
|7696D1CF|USER32.dll        |                      |                    |EnumWindows                            |        |
|769AC21A|USER32.dll        |                      |                    |GetRawInputDeviceInfoW                  |        |
|00861A70|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5252[16]|
|008619CC|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5236[0] |
|00C0BB3C|SmartSerialMail.exe|SSM.UI.Html.Edit.pas  |UI                  |Html.Edit.THtmlEdit.Destroy            |545[2]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |

162[4]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |

162[4]  |
|00D7E564|SmartSerialMail.exe|SSM.UI.Main.pas      |UI                  |Main.TMainform.Destroy                  |798[2]  |
|7737E813|ntdll.dll          |                      |                    |RtlEqualUnicodeString                  |        |
|7737EFAA|ntdll.dll          |                      |                    |RtlDosApplyFileIsolationRedirection_Ustr|        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|76AD74F6|KERNELBASE.dll    |                      |                    |GetErrorMode                            |        |
|76AD7551|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|76AD7520|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|7737FD38|ntdll.dll          |                      |                    |LdrGetDllHandleEx                      |        |
|7737FD2A|ntdll.dll          |                      |                    |LdrGetDllHandle                        |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|77387346|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|7738734D|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
----------------------------------------------------------------------------------------------------------------------------

Error: (05/16/2015 07:13:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 04:50:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 03:18:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 03:18:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 03:05:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 03:05:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 03:05:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.


System errors:
=============
Error: (05/16/2015 08:46:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein

benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/16/2015 02:56:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows

Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende

Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet.

Dies ist bereits 1 Mal passiert.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet

beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden

durchgeführt: Neustart des Diensts.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Broadcom Management Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen.

Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (05/17/2015 00:12:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA

"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wings5.exe5.9.0.05476e8eaWings5.exe5.9.0.05476e8eac0000005000fec99e3c01d090297552dfa3C:

\Program Files (x86)\AV Stumpfl\Wings 5\Wings5.exeC:\Program Files (x86)\AV Stumpfl\Wings 5\Wings5.exebcb6e882

-fc1c-11e4-ba3d-180373ced106

Error: (05/16/2015 10:36:25 PM) (Source: SmartSerialMail) (EventID: 0) (User: DellXPS_8300)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 00563453 in module 'SmartSerialMail.exe'. Read of address

00000010
----------------------------------------------------------------------------------------------------------------------------
|Adresse |Modul              |Einheit              |Klasse              |Prozedur/Methode                        |Linie  |
----------------------------------------------------------------------------------------------------------------------------
|009FD3B7|SmartSerialMail.exe|SSM.UI.Ribbon.pas    |UI                  |Ribbon.TBoogieRibbonForm.CreateParams  |280

[1]  |
|7737E01E|ntdll.dll          |                      |                    |RtlFreeHeap                            |        |
|7696D1E0|USER32.dll        |                      |                    |EnumWindows                            |        |
|7696D1CF|USER32.dll        |                      |                    |EnumWindows                            |        |
|769AC21A|USER32.dll        |                      |                    |GetRawInputDeviceInfoW                  |        |
|00861A70|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5252[16]|
|008619CC|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5236[0] |
|00C0BB3C|SmartSerialMail.exe|SSM.UI.Html.Edit.pas  |UI                  |Html.Edit.THtmlEdit.Destroy            |545[2]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |

162[4]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |

162[4]  |
|00D7E564|SmartSerialMail.exe|SSM.UI.Main.pas      |UI                  |Main.TMainform.Destroy                  |798[2]  |
|7737E813|ntdll.dll          |                      |                    |RtlEqualUnicodeString                  |        |
|7737EFAA|ntdll.dll          |                      |                    |RtlDosApplyFileIsolationRedirection_Ustr|        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|76AD74F6|KERNELBASE.dll    |                      |                    |GetErrorMode                            |        |
|76AD7551|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|76AD7520|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|7737FD38|ntdll.dll          |                      |                    |LdrGetDllHandleEx                      |        |
|7737FD2A|ntdll.dll          |                      |                    |LdrGetDllHandle                        |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|77387346|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|7738734D|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
----------------------------------------------------------------------------------------------------------------------------

Error: (05/16/2015 07:13:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:

\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/16/2015 04:50:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:

\Users\***name***\Desktop\esetsmartinstaller_deu.exe

Error: (05/16/2015 03:18:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:

\Users\***name***\Desktop\esetsmartinstaller_deu.exe

Error: (05/16/2015 03:18:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:

\Users\***name***\Desktop\esetsmartinstaller_deu.exe

Error: (05/16/2015 03:05:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:

\Users\***name***\Desktop\esetsmartinstaller_deu.exe

Error: (05/16/2015 03:05:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:

\Users\***name***\Desktop\esetsmartinstaller_deu.exe

Error: (05/16/2015 03:05:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:

\Users\***name***\Desktop\esetsmartinstaller_deu.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8174.45 MB
Available physical RAM: 6164.87 MB
Total Pagefile: 16347.08 MB
Available Pagefile: 14106.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:341.09 GB) NTFS
Drive e: (A1 Dashboard) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8BFD36D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1384 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 17.05.2015 20:29
Servus,


gibt es immer noch die Probleme?

Die Logdateien sind unbrauchbar, bitte im Editor den Zeilenumbruch deaktivieren/aktivieren. So kann ich nichts damit anfangen, da sehr schwer lesbar.

hans_t 18.05.2015 11:00
Hallo, hier nochmal die Logs, Ich hoffe, dass ich es jetzt richtig genmacht habe.
Die Artefakte gibt es leider noch immer noch. Aber nur mit Mozilla und wenn bei Facebook eingeloggt.
Danke, lg


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by ***name*** (administrator) on DELLXPS_8300 on 18-05-2015 11:50:05
Running from C:\Users\***name***\Desktop
Loaded Profiles: ***name*** (Available profiles: ***name***)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Dashboard\Dashboard.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [ACDSeeCommanderUltimate8] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2061832 2015-02-04] ()
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MountPoints2: {7016cca5-fb07-11e0-a09c-fe958973f057} - E:\Autorun.exe
Startup: C:\Users\***name***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A1 Dashboard.lnk [2011-10-21]
ShortcutTarget: A1 Dashboard.lnk -> C:\Program Files (x86)\A1 Dashboard\Dashboard.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\***name***\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
Handler-x32: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL [2001-08-09] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found
Tcpip\..\Interfaces\{CF5CE2F1-ADE3-407B-AC29-84197F93E969}: [NameServer] 194.48.128.199 194.48.139.254

FireFox:
========
FF ProfilePath: C:\Users\***name***\AppData\Roaming\Mozilla\Firefox\Profiles\afuj73ij.default-1431942542983
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDAPP\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll [2002-01-09] (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-16] (Apple Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-04-01] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 13:53 - 2015-05-18 11:50 - 00015098 _____ () C:\Users\***name***\Desktop\FRST.txt
2015-05-17 13:51 - 2015-05-18 11:49 - 00000000 ____D () C:\Users\***name***\Desktop\Alte Firefox-Daten
2015-05-17 01:17 - 2015-05-17 01:17 - 00000074 _____ () C:\Windows\nepal_02.INI
2015-05-16 19:19 - 2015-05-16 19:19 - 00000901 _____ () C:\Users\***name***\Desktop\checkup.txt
2015-05-16 19:15 - 2015-05-16 19:15 - 00852630 _____ () C:\Users\***name***\Desktop\SecurityCheck.exe
2015-05-16 15:29 - 2015-05-16 15:30 - 00000374 _____ () C:\Users\***name***\Desktop\antwort.txt
2015-05-16 15:04 - 2015-05-16 15:04 - 02347384 _____ (ESET) C:\Users\***name***\Desktop\esetsmartinstaller_deu.exe
2015-05-16 14:55 - 2015-05-16 14:55 - 00000000 ____D () C:\Users\***name***\Desktop\FRST-OlderVersion
2015-05-15 17:19 - 2015-05-15 17:19 - 00000000 ____D () C:\Users\***name***\Documents\AV Stumpfl
2015-05-14 20:58 - 2015-05-17 14:00 - 00056253 _____ () C:\Users\***name***\Desktop\Addition.txt
2015-05-14 20:57 - 2015-05-14 21:03 - 00061010 _____ () C:\Users\***name***\Desktop\FRST.txt.txt
2015-05-14 20:54 - 2015-05-14 21:02 - 00000869 _____ () C:\Users\***name***\Desktop\JRT.txt
2015-05-14 20:53 - 2015-05-14 20:53 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELLXPS_8300-Windows-7-Home-Premium-(64-bit).dat
2015-05-14 20:53 - 2015-05-14 20:53 - 00000000 ____D () C:\RegBackup
2015-05-14 20:51 - 2015-05-14 20:51 - 02721175 _____ (Thisisu) C:\Users\***name***\Desktop\JRT.exe
2015-05-14 20:48 - 2015-05-14 21:01 - 00001214 _____ () C:\Users\***name***\Desktop\mbam.txt
2015-05-14 20:31 - 2015-05-14 21:01 - 00006336 _____ () C:\Users\***name***\Desktop\1. AdwCleaner[S0].txt
2015-05-14 20:25 - 2015-05-14 20:26 - 00000000 ____D () C:\AdwCleaner
2015-05-14 20:23 - 2015-05-14 20:23 - 02209792 _____ () C:\Users\***name***\Desktop\AdwCleaner_4.204.exe
2015-05-14 18:02 - 2015-05-18 10:53 - 00001344 _____ () C:\Windows\setupact.log
2015-05-14 18:02 - 2015-05-17 12:12 - 00001236 _____ () C:\Windows\PFRO.log
2015-05-14 18:02 - 2015-05-14 18:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 17:32 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:32 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:25 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-14 17:25 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-14 17:25 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-14 17:24 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-14 17:24 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-05-14 17:24 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-14 17:24 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-14 17:24 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-14 17:24 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-14 17:24 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-14 17:24 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-14 17:24 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-14 17:24 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-14 17:24 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-14 17:24 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-14 17:24 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-14 17:24 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-14 17:24 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-14 17:24 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-14 17:24 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-05-14 17:24 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-14 17:24 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-14 17:24 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-14 17:24 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-14 17:24 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-14 17:24 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-14 17:23 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 17:23 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 17:23 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 17:23 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 17:23 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 17:23 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 17:23 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 17:23 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 17:23 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 17:23 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 17:23 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 17:23 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 17:23 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 17:23 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 17:23 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 17:23 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 17:23 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 17:23 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 17:23 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 17:23 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 17:23 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 17:23 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 17:23 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 17:23 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 17:23 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 17:23 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 17:23 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 17:23 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 17:23 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 17:23 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 17:23 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 17:23 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 17:23 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 17:23 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 17:23 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 17:23 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 17:23 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 17:23 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 17:23 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 17:23 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 17:23 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 17:23 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 17:23 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 17:23 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 17:23 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 17:23 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 17:23 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 17:23 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 17:23 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 17:23 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 17:23 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 17:23 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 17:23 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 17:23 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 17:23 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 17:23 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 17:23 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 17:23 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 17:23 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 17:23 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 17:23 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 17:23 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 17:23 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 17:23 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 17:23 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 17:23 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 17:23 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 17:23 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 17:23 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 17:23 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 17:23 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 17:23 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 17:23 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 17:23 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 17:23 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 17:23 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 17:23 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 17:23 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 17:23 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 17:23 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 17:23 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-14 17:23 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-14 17:23 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-14 17:22 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 17:22 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 17:22 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 17:22 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 17:22 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 17:22 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 17:22 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 17:22 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 17:22 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 17:22 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 17:22 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 17:22 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 17:22 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 17:22 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 17:22 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 17:22 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 17:22 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 17:22 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 17:22 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 17:22 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 17:22 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 17:22 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 17:22 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 17:22 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-14 17:22 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-14 17:22 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-14 17:22 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-14 17:22 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-14 17:22 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-14 17:22 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-14 17:22 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-14 17:22 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-14 17:22 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-14 17:22 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-14 17:21 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 17:21 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-14 17:21 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-14 17:21 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-14 17:21 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-14 17:21 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-14 17:21 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-05-14 17:21 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-14 17:21 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-14 17:21 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-14 17:21 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 17:21 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 17:21 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-14 17:21 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-14 17:21 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-14 17:21 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-14 17:21 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-14 17:21 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-14 17:21 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-14 17:21 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-14 17:21 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-14 17:21 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-14 17:21 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-14 17:19 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-14 17:18 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-14 17:18 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-14 17:18 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-14 17:18 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-14 17:16 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-14 17:16 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-14 17:16 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-14 17:16 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-14 17:16 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-14 11:46 - 2015-05-14 11:46 - 553480765 _____ () C:\Windows\MEMORY.DMP
2015-05-14 11:46 - 2015-05-14 11:46 - 00373400 _____ () C:\Windows\Minidump\051415-27440-01.dmp
2015-05-13 23:50 - 2015-05-18 11:11 - 00000000 ___RD () C:\Users\***name***\Dropbox
2015-05-13 23:39 - 2015-05-18 11:50 - 00000000 ____D () C:\FRST
2015-05-13 23:38 - 2015-05-16 14:55 - 02107392 _____ (Farbar) C:\Users\***name***\Desktop\FRST64.exe
2015-05-13 23:29 - 2015-05-13 23:44 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Nico Mak Computing
2015-05-13 23:04 - 2015-05-14 02:04 - 00000000 ____D () C:\Users\***name***\Desktop\artefakte
2015-05-11 17:00 - 2015-05-11 20:32 - 00000074 _____ () C:\Windows\nepal_01.INI
2015-05-04 12:46 - 2015-05-17 13:42 - 00000000 ____D () C:\Users\***name***\Desktop\nepal benefiz
2015-05-02 01:48 - 2015-05-02 04:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-18 11:26 - 2012-04-27 20:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 11:11 - 2014-06-11 13:33 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Dropbox
2015-05-18 11:01 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-18 11:01 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 10:56 - 2011-10-20 12:19 - 01240296 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 10:55 - 2014-12-03 17:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 10:55 - 2012-04-27 20:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 10:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 13:11 - 2014-06-11 03:09 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-17 12:21 - 2012-04-27 20:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 12:21 - 2012-04-27 20:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 20:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-16 19:45 - 2014-09-30 22:00 - 00000000 ____D () C:\Users\***name***\.razor
2015-05-16 15:05 - 2011-10-20 22:13 - 00699088 _____ () C:\Windows\system32\perfh007.dat
2015-05-16 15:05 - 2011-10-20 22:13 - 00149228 _____ () C:\Windows\system32\perfc007.dat
2015-05-16 15:05 - 2009-07-14 07:13 - 01619264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 17:36 - 2013-12-21 06:41 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\MediaMonkey
2015-05-15 12:38 - 2015-03-19 12:40 - 00000000 ____D () C:\Users\***name***\Desktop\neue medien
2015-05-14 22:23 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-14 21:28 - 2012-04-01 21:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-14 18:04 - 2013-04-29 09:44 - 05208280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-14 18:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-14 17:55 - 2011-10-20 18:30 - 01591928 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-14 17:51 - 2014-12-03 17:29 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 17:51 - 2014-12-03 17:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 17:51 - 2014-12-03 17:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 17:51 - 2011-10-20 18:31 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-14 17:44 - 2011-10-20 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-14 17:43 - 2013-12-17 05:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 11:46 - 2013-02-07 16:12 - 00000000 ____D () C:\Windows\Minidump
2015-05-14 01:18 - 2014-06-11 13:36 - 00001002 _____ () C:\Users\***name***\Desktop\Dropbox.lnk
2015-05-14 01:18 - 2014-06-11 13:35 - 00000000 ____D () C:\Users\***name***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-13 23:50 - 2011-10-20 12:30 - 00000000 ____D () C:\Users\***name***
2015-05-13 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-13 21:41 - 2014-12-03 17:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-13 21:41 - 2014-12-03 17:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-11 14:06 - 2015-03-29 04:51 - 00000000 ____D () C:\Users\***name***\AppData\Local\ACD Systems
2015-05-03 23:18 - 2015-03-29 04:53 - 00000000 ____D () C:\Users\***name***\AppData\Local\Adobe
2015-05-02 04:08 - 2011-10-20 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-02 04:06 - 2011-10-20 17:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-30 10:07 - 2012-04-27 20:22 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-07-26 18:23 - 2014-07-26 18:23 - 0000003 _____ () C:\Users\***name***\AppData\Roaming\CheckWinVer.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0099384 _____ () C:\Users\***name***\AppData\Roaming\inst.exe
2012-12-29 01:11 - 2012-12-29 01:11 - 0007859 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.cat
2012-12-29 01:11 - 2012-12-29 01:11 - 0001167 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.inf
2012-12-29 01:12 - 2012-12-29 01:12 - 0000034 _____ () C:\Users\***name***\AppData\Roaming\pcouffin.log
2012-12-29 01:11 - 2012-12-29 01:11 - 0082816 _____ (VSO Software) C:\Users\***name***\AppData\Roaming\pcouffin.sys
2011-10-21 03:42 - 2013-04-02 01:54 - 0073728 _____ () C:\Users\***name***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-21 03:05 - 2014-08-07 19:21 - 0007672 _____ () C:\Users\***name***\AppData\Local\Resmon.ResmonCfg
2014-12-23 21:44 - 2014-12-23 21:44 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0014]-[p22].bmp
2014-12-23 21:55 - 2014-12-23 21:56 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0015]-[p22].bmp
2014-12-23 22:06 - 2014-12-23 22:06 - 2529622 _____ () C:\Users\***name***\AppData\Local\[j0016]-[p68].bmp
2015-02-17 17:33 - 2015-02-17 17:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-10-20 22:28 - 2015-02-17 13:21 - 0010102 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\***name***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxenj5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 20:35

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Hans_Thurner at 2015-05-18 11:50:30
Running from C:\Users\Hans_Thurner\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3213465492-3622994428-3788502651-500 - Administrator - Disabled)
Gast (S-1-5-21-3213465492-3622994428-3788502651-501 - Limited - Disabled)
Hans_Thurner (S-1-5-21-3213465492-3622994428-3788502651-1000 - Administrator - Enabled) => C:\Users\Hans_Thurner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
A1 Dashboard (HKLM-x32\...\A1 Dashboard) (Version: 1.15.1.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.15.1.0 - A1 Telekom Austria AG) Hidden
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
ACDSee Ultimate 8 (64-bit) (HKLM\...\{DFD09008-75B2-49AB-A1D1-AEE552B3FD11}) (Version: 8.1.1.386 - ACD Systems International Inc.)
ACDSee Video Converter Pro 4.1 (HKLM-x32\...\ACDSee_acdVCPro) (Version: 4.1.0.166 - ACD Systems International Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Alpenvereinskarten digital (HKLM-x32\...\Alpenvereinskarten digital) (Version:  - )
AMap Fly 5.0 (HKLM-x32\...\{D5647409-6423-426C-AA3A-D0F703A52677}) (Version: 6.6.0.0000 - EADS Deutschland GmbH)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{74000F25-9A0A-B837-215D-7DFCD5641514}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
AV Stumpfl Wings (HKLM-x32\...\AV Stumpfl Wings (V 5.9.0)) (Version: 5.9.0 - AV Stumpfl)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version:  - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video ReMaker 4.0.8.140 (HKLM-x32\...\AVS Video ReMaker_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.2.4.1 - Broadcom Corporation)
ccc-core-static (x32 Version: 2010.0930.2237.38732 - Ihr Firmenname) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Freizeitkarte_AUT+ (Ausgabe 14.03) (HKLM-x32\...\Freizeitkarte_AUT+) (Version:  - )
Freizeitkarte_TUR (Ausgabe 14.06) (HKLM-x32\...\Freizeitkarte_TUR) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{BC8E822D-0C54-4426-B7D3-876CFC47EFEC}) (Version: 4.4.4 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Geogrid®-Viewer (x32 Version: 6.6.0.0000 - EADS Deutschland GmbH) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{5C519C69-AC39-40D0-9FF3-1F3FEE4640B2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LMSOFT Web Creator Pro 6 (HKLM-x32\...\Web Creator Pro 6) (Version:  - )
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta Professional 2003 (HKLM-x32\...\{034400C0-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\...\MyFreeCodec) (Version:  - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
ODBC (HKLM-x32\...\ODBC) (Version:  - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
SmartSerialMail V5.1.3 (HKLM-x32\...\SmartSerialMail_is1) (Version: 5.1.3 - JAM Software)
svBuilder (HKLM-x32\...\svBuilder) (Version: 2.3.2 - SimpleViewer Inc)
svBuilder (x32 Version: 2.3.2 - SimpleViewer Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3213465492-3622994428-3788502651-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

17-05-2015 21:44:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-16 14:55 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11E2C7E6-02CD-4B85-AD29-8EBB660E3679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {130EDC82-D009-434F-8AF3-8702AD2BD7F0} - System32\Tasks\{1FEA43D4-DD32-4112-B9EF-C89847CF4787} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {1A9527C9-E4AD-4DAE-9ED4-AD68F32DADC9} - System32\Tasks\{25C374D8-51D2-43E3-880D-3A07DE8FE227} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {22E2C234-F23F-4A36-BDCD-18CCBFF35A3B} - System32\Tasks\{483BF32D-19AC-44F1-8881-B4F3D27D225A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {279A21EA-BCEE-4F5D-90B8-BABCB0BC859A} - System32\Tasks\{38496090-C565-42B3-97D0-A628DC006B82} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {28B19B62-D270-4B86-8076-47B68F874D7C} - System32\Tasks\{DF945111-70CA-469B-A348-4CE9861E4E50} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {2E3B053A-64CA-4770-8EF9-3D7A0E24EE7B} - System32\Tasks\{50C68E2D-62AD-4929-9AA9-20256918F156} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {2F789BE8-B0E0-4B47-B95E-28CED0269CDF} - System32\Tasks\{F5CB5B8D-646B-46FA-9222-ABB9A3C7FC1F} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {313645A3-CADF-4491-86AF-9E82E3A5D736} - System32\Tasks\{A7B27D28-AB55-450A-AF53-87685E764915} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {33A53B10-7D93-4C0B-A459-51EDD7509B99} - System32\Tasks\{8F2175A3-39ED-412C-B6B5-E21FAABF6B74} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {36E09EC4-F04C-4E81-B25B-A09E8BC72142} - System32\Tasks\{554AEC8D-2C04-4BB4-A67A-9C1F5BE2D62B} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {3B199697-E8EC-4A98-A79D-09FE95EEED04} - System32\Tasks\hpUrlLauncher.exe_{A558F23D-DFFF-402A-AC04-4969ADA7A967} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22] (Hewlett-Packard Development Company, LP)
Task: {45F2AC92-99B1-4B95-9B11-0E5DC107B207} - System32\Tasks\{3C85C242-DA6A-43C1-8887-F5A8E1F2257C} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {5164CFA8-A946-4905-A424-E66EB307E913} - System32\Tasks\{51843A71-A9CB-4FEE-8833-950C1A16ED52} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {53B3239E-A146-4614-BC3F-C986B9E747AE} - System32\Tasks\{8167160D-7A31-486E-A36C-762166D7F30D} => pcalua.exe -a "K:\tray backup.exe" -d K:\
Task: {5A0BDCA0-1E22-47CA-9CE6-007A9E49C380} - System32\Tasks\{4A686B65-891D-4EFE-84BC-41DBC41195D0} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {634E3A81-0AD7-4929-910F-67A87C72599B} - System32\Tasks\{0BA9B6CB-A377-4802-A89B-A3FB75BD6DBA} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {6D0F9806-7B46-4DD2-80BA-7EA8837A9BCD} - System32\Tasks\{3E5165E2-4BC9-459F-B932-D13C9FCA1C63} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {6E9B0248-0D67-4579-A491-F95A55D96ACF} - System32\Tasks\{CD21EC92-0374-45AF-BF92-9F19AFBC43EB} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {963FD547-9465-45BD-BACB-E8AD19941B07} - System32\Tasks\{1493D980-8E5B-4519-9043-57BC225C1086} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {98735C27-3CE5-4D32-8AC2-75E5D24D57AD} - System32\Tasks\{23EDC648-ED8D-4B05-A331-292C118D6086} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {9E73144E-2A24-4493-AE1F-D2529EF66566} - System32\Tasks\{E56BC32D-65B6-4827-AF2B-2B39448F5D4A} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AB6A4D83-97B1-4273-B236-5C3E20EE5DB2} - System32\Tasks\{1172F15B-DDE5-4E45-84E4-1CD7BB24F259} => C:\Program Files\QuarkXPress Passport\QuarkXPress Passport.exe
Task: {ACFFEFE8-419F-47BA-A6D8-A240CE0C6187} - System32\Tasks\{1A3377AE-1094-42B5-B72C-E0985785933B} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {AF2C240E-995A-481F-9B64-6163841CC745} - System32\Tasks\{B2F8CBF8-5B51-4F71-83A6-AEAF8910D9E6} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B251BD8F-9BA8-49DB-BB76-BCE70C9A5A4F} - System32\Tasks\{4868EAC3-E0C9-4267-BE34-1BE206397DD0} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B7F24BA5-155B-4360-BAA6-361241ACE069} - System32\Tasks\{F0A209F7-2C0E-485A-BAD4-A729ADDE2B24} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {B91FFCDB-E6CE-411E-9812-BD16D04B009F} - System32\Tasks\{7196370E-77F5-4FB8-B633-2DE26324FB56} => C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
Task: {D3FED5A5-BE92-4A9C-893B-82EE451F3BE5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D6AF886E-A8BE-4672-BFE5-4B31A8763F40} - System32\Tasks\{0097006A-6CB3-4E76-AC8F-27D4A4CDCA8E} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {D814276E-4162-46B0-8A99-087614276940} - System32\Tasks\{FE6C2B63-2455-41E1-A53F-026C169CAF94} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {D85225B2-1656-4332-8E1F-F2F7A6F37831} - System32\Tasks\{5AB9579A-8732-4A8D-A399-51CB363A3994} => C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\adobe gamma\Adobe Gamma Loader.exe
Task: {D8ACFAED-F069-4656-AD76-DF5892646DA4} - System32\Tasks\{DD76B277-84D4-42FD-9F80-AC6744C50090} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {DC864D60-02A3-466D-9E87-FCCA23387F69} - System32\Tasks\{16395E5E-A1C7-4689-ABF9-80FA03E00808} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {DDE01C0A-F955-4C74-AB16-F8AEFB771CBF} - System32\Tasks\{91AA85FB-002E-4F88-BC90-89412590E8EE} => pcalua.exe -a "C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\web creator pro 5\WC5ProInstall200.EXE" -d "C:\Users\Hans_Thurner\A_Eigene Dateien\Programme installations dateien\web creator pro 5"
Task: {E81E7297-BD44-4440-BEB4-641D0E14E724} - System32\Tasks\{9E189C0A-E6BF-4088-99CF-2F0C1BE695D7} => C:\Program Files (x86)\LMSOFT\Web Creator Pro 5\WebCreatorPro5.exe
Task: {EA72CE08-B2C2-4924-B89A-2FF804C49349} - System32\Tasks\{190648A2-E50A-48B5-A38F-D30967DA27B1} => C:\Users\Hans_Thurner\A_Eigene Dateien\digitale karten AV & Austrian map\austrian map ost\Setup\SETUP.EXE
Task: {F67C5D37-16BE-44AF-B08D-0262B2725AE4} - System32\Tasks\hpUrlLauncher.exe_{E6CEA810-0FE6-47D8-9A3A-522506D50EDE} => C:\Program Files\HP\HP ENVY 4500 series\Bin\utils\hpUrlLauncher.exe [2014-07-22] (Hewlett-Packard Development Company, LP)
Task: {FDE70701-DEAE-414B-AC26-A8BE4D5518AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-02-04 12:02 - 2015-02-04 12:02 - 02061832 _____ () C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
2010-08-26 16:08 - 2010-08-26 16:08 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-30 22:36 - 2010-09-30 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2010-08-19 19:32 - 2010-08-19 19:32 - 00086016 _____ () C:\Program Files (x86)\A1 Dashboard\resetregistry.dll
2011-04-18 09:16 - 2011-04-18 09:16 - 01421824 _____ () C:\Program Files (x86)\A1 Dashboard\Skins\A1\A1Skin.dbskin

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:7E63EC98

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3213465492-3622994428-3788502651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans_Thurner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.48.128.199 - 194.48.139.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ACPW05DE => "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SmartSerialMail Versand => C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMailServiceApp.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{3091EE42-36DE-454F-9350-B91F7C7545F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{BDB8FFC4-E434-4D27-96D8-3E83121216F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0D7A4497-79A8-4926-B61F-4FC58063362C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{82096AA0-42FD-40DC-AB4C-6FC9CF6BC619}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{92F0F32B-42B2-49F6-BA18-18DE806FF4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BAC352A7-5851-4EB0-8B7E-D8635AB8C7C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{225DA7FE-0DD6-4BDB-B6F4-74825F8E1C4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C8ACA1A2-3F92-4D58-8E78-9C50B7D8F46F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{AAE908A1-4D97-4DFC-903B-8629FC75CB92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C680AF17-AFBA-4223-9B43-433DF42019BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{49E2C73A-7E4A-4484-8FE5-3995F5A9333E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [TCP Query User{8669B727-76C7-48B4-A5DF-1E142DE6E8AB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{C0C25388-CB6D-4FEE-9630-A02A79C9BA5C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{C511E6DB-5FBD-4EEB-8F02-94E3CD8B8EC6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{87DEF01C-F0E9-48E9-A025-AD835CB86C19}C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [UDP Query User{A7CF7E79-4AF5-4F09-B545-6D1DA113AB6F}C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5demo.exe
FirewallRules: [TCP Query User{EC4CCCE1-D7F7-4D9D-9ADD-E3D54696FD2D}C:\program files (x86)\av stumpfl\wings 5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [UDP Query User{E7994D36-A4A7-4238-8898-85C4415F1F1F}C:\program files (x86)\av stumpfl\wings 5\wings5.exe] => (Allow) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{EA32D7AF-9261-4B85-9E88-5623BBCCF6EF}] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{C9D11AF4-1C7C-4679-8EEA-83B532B188F7}] => (Block) C:\program files (x86)\av stumpfl\wings 5\wings5.exe
FirewallRules: [{F2450001-372F-4FA7-AB29-37360499B565}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6FA9C52A-B68B-414B-8B31-B1829890FAA1}] => (Allow) C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMail.exe
FirewallRules: [{E645DC52-F34A-4FD8-855B-8ACC53E41819}] => (Allow) C:\Program Files (x86)\JAM Software\SmartSerialMail\SmartSerialMailServiceApp.exe
FirewallRules: [{38B74D08-8ED5-48AE-9E54-F8E2DD5C635F}] => (Allow) C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\spamd.exe
FirewallRules: [TCP Query User{6F04F8A5-4214-4A61-8E58-8539547CF495}C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [UDP Query User{0E6DE58A-24C2-4174-9956-62C5AA8A3AFA}C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe] => (Block) C:\program files (x86)\av stumpfl\wings uninstall\avioservice.exe
FirewallRules: [{7082D1E7-57DB-450D-B19B-C144ED8ED3F5}] => (Allow) C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8DEBED6A-3A39-433A-94B4-06B8E46D6BC8}] => (Allow) C:\Users\Hans_Thurner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B62CD113-8EB4-4C39-B702-A1D596B04C4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3ED69F24-18B6-4BA7-BB06-562B345949C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EABF833B-A963-4F00-A848-28B049CA8526}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{498C015F-DD6C-48BA-BC9F-535FE40A38BD}] => (Allow) LPort=5357
FirewallRules: [{919E4D0E-7E48-4EF4-BF89-AEFC2A213951}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{8500565B-434D-4211-A055-1D2B9467F3E4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DCDE6386-1151-408F-A28D-42B35E4696E2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2015 10:53:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2015 00:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ACDSeeUltimate8.exe, Version: 8.1.1.386, Zeitstempel: 0x54d1b672
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000029fa9
ID des fehlerhaften Prozesses: 0x12b4
Startzeit der fehlerhaften Anwendung: 0xACDSeeUltimate8.exe0
Pfad der fehlerhaften Anwendung: ACDSeeUltimate8.exe1
Pfad des fehlerhaften Moduls: ACDSeeUltimate8.exe2
Berichtskennung: ACDSeeUltimate8.exe3

Error: (05/17/2015 09:32:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 04:38:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:12:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wings5.exe, Version: 5.9.0.0, Zeitstempel: 0x5476e8ea
Name des fehlerhaften Moduls: Wings5.exe, Version: 5.9.0.0, Zeitstempel: 0x5476e8ea
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000fec99
ID des fehlerhaften Prozesses: 0xe3c
Startzeit der fehlerhaften Anwendung: 0xWings5.exe0
Pfad der fehlerhaften Anwendung: Wings5.exe1
Pfad des fehlerhaften Moduls: Wings5.exe2
Berichtskennung: Wings5.exe3

Error: (05/16/2015 10:36:25 PM) (Source: SmartSerialMail) (EventID: 0) (User: DellXPS_8300)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 00563453 in module 'SmartSerialMail.exe'. Read of address 00000010
----------------------------------------------------------------------------------------------------------------------------
|Adresse |Modul              |Einheit              |Klasse              |Prozedur/Methode                        |Linie  |
----------------------------------------------------------------------------------------------------------------------------
|009FD3B7|SmartSerialMail.exe|SSM.UI.Ribbon.pas    |UI                  |Ribbon.TBoogieRibbonForm.CreateParams  |280[1]  |
|7737E01E|ntdll.dll          |                      |                    |RtlFreeHeap                            |        |
|7696D1E0|USER32.dll        |                      |                    |EnumWindows                            |        |
|7696D1CF|USER32.dll        |                      |                    |EnumWindows                            |        |
|769AC21A|USER32.dll        |                      |                    |GetRawInputDeviceInfoW                  |        |
|00861A70|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5252[16]|
|008619CC|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5236[0] |
|00C0BB3C|SmartSerialMail.exe|SSM.UI.Html.Edit.pas  |UI                  |Html.Edit.THtmlEdit.Destroy            |545[2]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00D7E564|SmartSerialMail.exe|SSM.UI.Main.pas      |UI                  |Main.TMainform.Destroy                  |798[2]  |
|7737E813|ntdll.dll          |                      |                    |RtlEqualUnicodeString                  |        |
|7737EFAA|ntdll.dll          |                      |                    |RtlDosApplyFileIsolationRedirection_Ustr|        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|76AD74F6|KERNELBASE.dll    |                      |                    |GetErrorMode                            |        |
|76AD7551|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|76AD7520|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|7737FD38|ntdll.dll          |                      |                    |LdrGetDllHandleEx                      |        |
|7737FD2A|ntdll.dll          |                      |                    |LdrGetDllHandle                        |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|77387346|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|7738734D|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
----------------------------------------------------------------------------------------------------------------------------

Error: (05/16/2015 07:13:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 04:50:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/16/2015 03:18:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.


System errors:
=============
Error: (05/17/2015 06:15:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (05/17/2015 04:49:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 114.15.0.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/17/2015 04:49:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.197.2724.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/17/2015 04:49:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.197.2724.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/17/2015 04:49:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.197.2724.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.8.0204.00

        Quellpfad: 4.8.0204.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/16/2015 08:46:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/16/2015 02:56:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/16/2015 02:55:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/18/2015 10:53:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2015 00:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACDSeeUltimate8.exe8.1.1.38654d1b672ole32.dll6.1.7601.175144ce7c92cc00000050000000000029fa912b401d090d86597d584C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeUltimate8.exeC:\Windows\system32\ole32.dll0db0c4db-fce3-11e4-a6af-180373ced106

Error: (05/17/2015 09:32:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 04:38:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:12:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 00:41:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wings5.exe5.9.0.05476e8eaWings5.exe5.9.0.05476e8eac0000005000fec99e3c01d090297552dfa3C:\Program Files (x86)\AV Stumpfl\Wings 5\Wings5.exeC:\Program Files (x86)\AV Stumpfl\Wings 5\Wings5.exebcb6e882-fc1c-11e4-ba3d-180373ced106

Error: (05/16/2015 10:36:25 PM) (Source: SmartSerialMail) (EventID: 0) (User: DellXPS_8300)
Description: Exception Class : EAccessViolation
Exception Message : Access violation at address 00563453 in module 'SmartSerialMail.exe'. Read of address 00000010
----------------------------------------------------------------------------------------------------------------------------
|Adresse |Modul              |Einheit              |Klasse              |Prozedur/Methode                        |Linie  |
----------------------------------------------------------------------------------------------------------------------------
|009FD3B7|SmartSerialMail.exe|SSM.UI.Ribbon.pas    |UI                  |Ribbon.TBoogieRibbonForm.CreateParams  |280[1]  |
|7737E01E|ntdll.dll          |                      |                    |RtlFreeHeap                            |        |
|7696D1E0|USER32.dll        |                      |                    |EnumWindows                            |        |
|7696D1CF|USER32.dll        |                      |                    |EnumWindows                            |        |
|769AC21A|USER32.dll        |                      |                    |GetRawInputDeviceInfoW                  |        |
|00861A70|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5252[16]|
|008619CC|SmartSerialMail.exe|ProfDHTMLEdit.pas    |TCustomProfDHTMLEdit|Destroy                                |5236[0] |
|00C0BB3C|SmartSerialMail.exe|SSM.UI.Html.Edit.pas  |UI                  |Html.Edit.THtmlEdit.Destroy            |545[2]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00C4432D|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePage      |Destroy                                |4298[18]|
|00C4624C|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5352[40]|
|00C460FC|SmartSerialMail.exe|advofficepager.pas    |TAdvOfficePager    |Destroy                                |5312[0] |
|00D27E30|SmartSerialMail.exe|SSM.UI.PageControl.pas|UI                  |PageControl.TBoogiePageControl.Destroy  |162[4]  |
|00D7E564|SmartSerialMail.exe|SSM.UI.Main.pas      |UI                  |Main.TMainform.Destroy                  |798[2]  |
|7737E813|ntdll.dll          |                      |                    |RtlEqualUnicodeString                  |        |
|7737EFAA|ntdll.dll          |                      |                    |RtlDosApplyFileIsolationRedirection_Ustr|        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|76AD74F6|KERNELBASE.dll    |                      |                    |GetErrorMode                            |        |
|76AD7551|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|76AD7520|KERNELBASE.dll    |                      |                    |SetErrorMode                            |        |
|7737FD38|ntdll.dll          |                      |                    |LdrGetDllHandleEx                      |        |
|7737FD2A|ntdll.dll          |                      |                    |LdrGetDllHandle                        |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
|77387346|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|7738734D|ntdll.dll          |                      |                    |LdrUnlockLoaderLock                    |        |
|77372280|ntdll.dll          |                      |                    |RtlLeaveCriticalSection                |        |
----------------------------------------------------------------------------------------------------------------------------

Error: (05/16/2015 07:13:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/16/2015 04:50:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Hans_Thurner\Desktop\esetsmartinstaller_deu.exe

Error: (05/16/2015 03:18:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Users\Hans_Thurner\Desktop\esetsmartinstaller_deu.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8174.45 MB
Available physical RAM: 6074.79 MB
Total Pagefile: 16347.08 MB
Available Pagefile: 14038.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:340.25 GB) NTFS
Drive e: (A1 Dashboard) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive n: (USB_15GB_HT) (Removable) (Total:14.92 GB) (Free:14.91 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8BFD36D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1384 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: 16D0BC91)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================

M-K-D-B 18.05.2015 15:02
Servus,


das muss wohl an Firefox selbst liegen... evtl. Probleme mit einer Kodierung oder ein Plugin macht Probleme.


was du noch versuchen kannst:

1) Firefox updaten
2) Firefox komplett deinstallieren, keine Reste/private Daten behalten, neu installieren.
3) Nacheinander alle Addons & Plugins deinstallieren/deaktivieren









Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
   


Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/ghostery_chrome.pngGhostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

hans_t 20.05.2015 12:25
Servus,
soweit alles klar.
Eine Verständnisfrage für mich bitte: Mit den vorangegangenen Aktionen wurde versucht beide meiner PC Probleme zu entfernen, wie PUP.Optional.Babylon.A und die Artefakte?
PUP.Optional.Babylon.Ah ist definitiv entfernt, richtig?

Die Artekate sind leider noch da. Da werde ich wohl noch versuchen müssen Mozilla komplet neu aufzupielen ...

Danke für die Hilfe!

M-K-D-B 20.05.2015 15:54
Zitat:
Zitat von hans_t (Beitrag 1468020)
PUP.Optional.Babylon.Ah ist definitiv entfernt, richtig?.
Ja, Babylon ist weg. :)





Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131