Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   HIDDENEXT/Worm.Gen und andere Malware (https://www.trojaner-board.de/168085-hiddenext-worm-gen-andere-malware.html)

dude_gg 20.06.2015 14:06
HIDDENEXT/Worm.Gen und andere Malware
 
Hallo zusammen,

ich habe den PC meines Neffen (14 Jahre alt) zu mir genommen, da er durch unvorsichtige Downloads (Games etc.) einiges an Malware und evtl. Trojaners eingefangen hat (falls es denn welche sind). Falls es also allenfalls auch nicht legal erworbene SW auf dem Gerät haben sollte, bitte melden und werde diese sofort entfernen.

Für den Anfang habe ich ein Logfile von Antivir und von Malwarebytes.

Log Antivir:
Code:
Exportierte Ereignisse:

18.06.2015 23:20 [System-Scanner] Malware gefunden
      Die Datei 'C:\Program Files (x86)\Common
      Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.bak'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Fehler in der ARK Library.
      Die Datei wurde zum Löschen nach einem Neustart markiert.
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

18.06.2015 23:19 [System-Scanner] Malware gefunden
      Die Datei
      'C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.bak'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/BrowseFox.Gen'
      [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Fehler in der ARK Library.
      Die Datei wurde zum Löschen nach einem Neustart markiert.
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

18.06.2015 23:19 [System-Scanner] Malware gefunden
      Die Datei
      'C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\5f372613-e210-489
      a-86ad-6b9e6cbe5244.dll'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/BrowseFox.246008.2'
      [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
      Die Quelldatei konnte nicht gefunden werden.
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Fehler in der ARK Library.
      Die Datei wurde zum Löschen nach einem Neustart markiert.
      Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

18.06.2015 23:19 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Noah\AppData\Local\Temp\nsvD262.tmp\Uninstall.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/SeaSuite.Gen' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2f92e6ef.qua'
      verschoben!

18.06.2015 23:19 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Noah\AppData\Local\Temp\nsz954.tmp\nsj2F5D.tmp\TorchSetupFull.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/SeaSuite.Gen' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '43d7cada.qua'
      verschoben!

18.06.2015 23:19 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Noah\AppData\Local\Temp\~nsu.tmp\Au_.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/SeaSuite.Gen' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5aa8f146.qua'
      verschoben!

18.06.2015 23:19 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Noah\AppData\Local\Torch\Update\Download\TorchSetup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'PUA/SeaSuite.Gen' [riskware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '77e5de06.qua'
      verschoben!

18.06.2015 23:18 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Noah\Pictures\(31683) Blitz_Brigade_Hack.rar'
      enthielt einen Virus oder unerwünschtes Programm 'HIDDENEXT/Worm.Gen'
      [heuristic].
      Durchgeführte Aktion(en):
      Der Fund wurde als verdächtig eingestuft.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5164947f.qua'
      verschoben!

18.06.2015 23:18 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Noah\Downloads\fatal_v4beta.rar'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.381539' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b0b837.qua'
      verschoben!

schrauber 20.06.2015 16:28
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


dude_gg 21.06.2015 13:07
Vielen Dank für die Hilfe, entschudlige die späte Antwort, habe aus Versehen Notebook im Auto meines Bruders gelassen und konnte dieses erst heute wieder abholen.

Betr. Farbar, iIst in Ordnung, habe 64 BIT OS, die Version runtergeladen und lassen Scan nun laufen. Danach poste ich das Logfile.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Julianna (administrator) on JULIANNA-HP on 21-06-2015 14:03:14
Running from C:\Users\Julianna\Desktop
Loaded Profiles: Julianna &  (Available Profiles: Julianna & Noah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IARNIJE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Run: [Viber] => "C:\Users\Julianna\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\MountPoints2: E - E:\InstallNavi.exe
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Viber] => "C:\Users\Julianna\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\InstallNavi.exe
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [openvpntray.EXE] => C:\Users\Noah\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Noah\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iLivid] => "C:\Users\Noah\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Softonic for Windows] => C:\Users\Noah\AppData\Local\Softonic\Softonic.exe [4170224 2014-05-26] (Softonic)
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5321891a-e152-11e4-ac05-28924a3fe2a4} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {703ed95e-5acd-11e4-a71f-28924a3fe2a4} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013-05-16]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk [2015-06-09]
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk [2015-06-09]
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
GroupPolicyUsers\S-1-5-21-772145797-1672311722-2663458744-1003\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {44FEACEF-E1FA-4E7F-B7D2-F4182AEB62B6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {44FEACEF-E1FA-4E7F-B7D2-F4182AEB62B6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> {44FEACEF-E1FA-4E7F-B7D2-F4182AEB62B6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> {D0A11A8C-EDB7-4753-A352-9ABF15112206} URL = hxxp://www.search.ask.com/web?tpid=OVO2-SP&o=APN11385&pf=V7&p2=^BAS^YYYYYY^YY^CH&gct=&itbv=12.22.0.12&apn_uid=5E19DC85-DAC2-4B96-9A04-E3EB1CC878C7&apn_ptnrs=^BAS&apn_dtid=^YYYYYY^YY^CH&apn_dbr=DRAGON.exe_0_33.1.0.1&doi=2014-12-23&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {44FEACEF-E1FA-4E7F-B7D2-F4182AEB62B6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D0A11A8C-EDB7-4753-A352-9ABF15112206} URL = hxxp://www.search.ask.com/web?tpid=OVO2-SP&o=APN11385&pf=V7&p2=^BAS^YYYYYY^YY^CH&gct=&itbv=12.22.0.12&apn_uid=5E19DC85-DAC2-4B96-9A04-E3EB1CC878C7&apn_ptnrs=^BAS&apn_dtid=^YYYYYY^YY^CH&apn_dbr=DRAGON.exe_0_33.1.0.1&doi=2014-12-23&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0EE02051-EA79-4710-90BD-49DEB1348F69} URL = hxxp://www.search.ask.com/web?tpid=OVO2-SP&o=APN11385&pf=V7&p2=^BAS^YYYYYY^YY^CH&gct=&itbv=12.22.0.12&apn_uid=5E19DC85-DAC2-4B96-9A04-E3EB1CC878C7&apn_ptnrs=^BAS&apn_dtid=^YYYYYY^YY^CH&apn_dbr=DRAGON.exe_0_33.1.0.1&doi=2014-12-23&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {44FEACEF-E1FA-4E7F-B7D2-F4182AEB62B6} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=484&systemid=406&v=n9396-120&apn_uid=3416423484454401&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll [2015-02-02] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-25] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-772145797-1672311722-2663458744-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-07-29] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Julianna\AppData\Roaming\Mozilla\Firefox\Profiles\i1h0jq96.default-1423399908793
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll [2015-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: CHIP Best Deal - C:\Users\Julianna\AppData\Roaming\Mozilla\Firefox\Profiles\i1h0jq96.default-1423399908793\Extensions\ciuvo-extension@chip.de.xpi [2015-03-18]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.ch/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-11]
CHR Extension: (Google Drive) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-19]
CHR Extension: (YouTube) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-11]
CHR Extension: (Google Search) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-15]
CHR Extension: (Google Wallet) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.J47WYJYLDFYNKENCOAYYMUSUUA - C:\Users\Julianna\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-05-07] (WildTangent)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 14:03 - 2015-06-21 14:03 - 00041227 _____ C:\Users\Julianna\Desktop\FRST.txt
2015-06-21 14:02 - 2015-06-21 14:01 - 02109952 _____ (Farbar) C:\Users\Julianna\Desktop\FRST64.exe
2015-06-21 14:01 - 2015-06-21 14:03 - 00000000 ____D C:\FRST
2015-06-21 14:00 - 2015-06-21 14:01 - 02109952 _____ (Farbar) C:\Users\Julianna\Downloads\FRST64.exe
2015-06-20 15:50 - 2015-06-20 15:50 - 00006941 _____ C:\Users\Julianna\Desktop\Funde_Malwarebytes.txt
2015-06-20 15:01 - 2015-06-20 15:01 - 00009440 _____ C:\Users\Julianna\Desktop\Ereignisse_Avira.txt
2015-06-20 15:00 - 2015-06-20 15:00 - 00000808 _____ C:\Users\Julianna\Desktop\Ereignisse.txt
2015-06-20 14:41 - 2015-06-20 14:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-20 14:40 - 2015-06-20 14:40 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-20 14:40 - 2015-06-20 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-20 14:40 - 2015-06-20 14:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-20 14:40 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-20 14:40 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-20 14:38 - 2015-06-20 14:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Julianna\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-18 19:56 - 2015-06-18 19:56 - 00000000 ____D C:\Users\Julianna\AppData\Local\Steam
2015-06-16 20:45 - 2015-06-16 20:45 - 00000000 ____D C:\Users\Julianna\AppData\Local\Macromedia
2015-06-16 18:48 - 2015-06-16 18:48 - 00000000 ____D C:\Users\Noah\AppData\Local\Macromedia
2015-06-16 18:47 - 2015-06-16 18:47 - 00000000 ____D C:\ProgramData\McAfee
2015-06-16 18:42 - 2015-06-16 18:42 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Noah\Downloads\flashplayer18_ga_install.exe
2015-06-15 21:07 - 2015-06-15 21:07 - 00000000 ____D C:\Users\Julianna\AppData\Local\{9640382C-891C-43BD-B67E-EE5207E119D2}
2015-06-10 14:34 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 14:34 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 14:34 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 14:34 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 14:34 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 14:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 14:34 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 14:34 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 14:34 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 14:34 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 14:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 14:34 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 14:34 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 14:34 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 14:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 14:34 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 14:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 14:34 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 14:34 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 14:34 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 14:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 14:34 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 14:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 14:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 14:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 14:34 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 14:34 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 14:34 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 14:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 14:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 14:34 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 14:34 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 14:34 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 14:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 14:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 14:34 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 14:34 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 14:34 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 14:34 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 14:34 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 14:34 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 14:34 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 14:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 14:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 14:34 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 14:34 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 14:34 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 14:34 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 14:34 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 14:34 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 14:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 14:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 14:34 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 14:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 14:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 14:34 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 14:34 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 14:34 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 14:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 14:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 14:33 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 14:33 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 14:33 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 14:33 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 14:33 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 14:33 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 14:33 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 14:33 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 14:33 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 14:33 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 14:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 14:33 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 14:33 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 14:33 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 14:33 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 14:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 14:33 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 14:33 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 14:30 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 14:30 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 14:30 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 14:30 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 14:30 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 14:30 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 14:30 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 14:30 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 14:30 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 14:30 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 14:30 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 14:30 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 14:30 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 14:30 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 14:30 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 14:30 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 14:30 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 14:30 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 14:30 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 14:30 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 14:30 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 14:30 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 14:30 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 14:30 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 14:30 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 14:30 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 14:30 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 14:30 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 14:30 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 14:30 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 14:30 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:30 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 14:28 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 14:28 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 14:28 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 21:07 - 2015-06-09 21:07 - 00001045 _____ C:\Users\Public\Desktop\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
2015-06-09 21:04 - 2015-06-09 21:05 - 23871776 _____ (Macrovision Corporation) C:\Users\Noah\Downloads\intelturbo.exe
2015-06-08 13:27 - 2015-06-08 13:27 - 05912258 _____ C:\Users\Julianna\Documents\Fahrzeugprüfung.bmp
2015-06-06 12:13 - 2015-06-06 12:13 - 00000000 ____D C:\Users\Julianna\AppData\Local\{B88C3441-94C7-4277-B601-3218CA307ACA}
2015-06-05 16:55 - 2015-06-05 16:55 - 00000222 _____ C:\Users\Noah\Desktop\Call of Duty Black Ops 2.url
2015-06-05 16:55 - 2015-06-05 16:55 - 00000222 _____ C:\Users\Noah\Desktop\Call of Duty Black Ops 2 Zombie.url
2015-06-05 16:55 - 2015-06-05 16:55 - 00000222 _____ C:\Users\Noah\Desktop\Call of Duty Black Ops 2 Online.url
2015-06-04 11:42 - 2015-06-04 11:42 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-03 22:18 - 2015-06-03 22:18 - 00000000 ____D C:\Users\Julianna\AppData\Local\GWX
2015-06-03 21:45 - 2015-06-03 21:45 - 03164758 _____ C:\Users\Julianna\Documents\COC-Formular.bmp
2015-06-02 19:51 - 2015-06-03 09:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 19:09 - 2015-06-01 19:09 - 00000000 ____D C:\Users\Noah\AppData\Local\GWX
2015-05-31 11:32 - 2015-05-31 11:27 - 04418494 _____ C:\Users\Julianna\Documents\+C° Seite 3.bmp
2015-05-30 22:44 - 2015-05-30 22:44 - 00000221 _____ C:\Users\Noah\Desktop\Knights.url
2015-05-30 21:28 - 2015-03-31 21:28 - 00000032 ____R C:\ProgramData\hash.dat
2015-05-27 13:17 - 2015-05-27 13:17 - 00000222 _____ C:\Users\Noah\Desktop\Skill 2.url
2015-05-26 19:35 - 2015-05-26 19:35 - 00000222 _____ C:\Users\Noah\Desktop\Deadbreed.url
2015-05-26 19:09 - 2015-05-26 19:09 - 00000000 ____D C:\Users\Noah\AppData\Roaming\.huntedcowcache
2015-05-26 18:56 - 2015-05-26 18:56 - 30668968 _____ (Riot Games) C:\Users\Noah\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 13:58 - 2012-09-21 11:25 - 01871034 _____ C:\Windows\WindowsUpdate.log
2015-06-21 13:57 - 2012-09-22 19:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-21 13:57 - 2012-02-11 00:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-20 21:51 - 2012-09-22 19:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-20 14:40 - 2013-03-17 13:45 - 00000000 ____D C:\Users\Julianna\AppData\Roaming\Malwarebytes
2015-06-20 14:40 - 2013-03-17 13:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-20 14:31 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-20 14:31 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-20 14:13 - 2015-02-06 11:53 - 00000000 ____D C:\Users\Julianna\Documents\Outlook-Dateien
2015-06-20 13:40 - 2012-02-11 08:10 - 00703192 _____ C:\Windows\system32\perfh007.dat
2015-06-20 13:40 - 2012-02-11 08:10 - 00150800 _____ C:\Windows\system32\perfc007.dat
2015-06-20 13:40 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-20 13:18 - 2013-02-01 20:13 - 00000000 ____D C:\Users\Julianna\Documents\Peter
2015-06-20 12:04 - 2012-10-01 18:32 - 00000000 ____D C:\Users\Julianna\Documents\Div. Briefe
2015-06-20 11:51 - 2013-04-03 13:30 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{248B495F-DC38-4F1C-8F35-C5D80BB19AC9}
2015-06-20 11:48 - 2015-04-16 10:15 - 00000000 ____D C:\Users\Julianna\AppData\Local\HTC MediaHub
2015-06-20 11:48 - 2015-01-02 02:22 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-20 11:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-20 11:47 - 2009-07-14 06:51 - 00251910 _____ C:\Windows\setupact.log
2015-06-19 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-18 23:22 - 2012-09-26 17:12 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForJulianna.job
2015-06-18 23:22 - 2010-11-21 05:47 - 01339830 _____ C:\Windows\PFRO.log
2015-06-18 23:00 - 2014-11-18 17:34 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-18 21:02 - 2012-12-23 23:08 - 00000000 ____D C:\Users\Julianna\Documents\Noah
2015-06-18 06:13 - 2012-09-26 17:12 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJulianna
2015-06-17 21:42 - 2015-04-16 01:03 - 00000000 ____D C:\Users\Noah\AppData\Local\HTC MediaHub
2015-06-16 18:48 - 2012-09-21 12:50 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{125ED9DF-1268-4407-B320-14E7C35C4BA6}
2015-06-16 18:47 - 2012-02-11 00:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-16 18:47 - 2012-02-11 00:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-16 18:47 - 2012-02-11 00:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-16 18:46 - 2012-09-22 21:01 - 00000000 ____D C:\Users\Noah\AppData\Local\Adobe
2015-06-16 18:46 - 2012-09-21 18:38 - 00000000 ____D C:\Users\Julianna\AppData\Local\Adobe
2015-06-16 18:46 - 2012-09-21 12:55 - 00000000 ____D C:\Users\Noah\AppData\Local\CrashDumps
2015-06-16 18:34 - 2014-11-12 20:30 - 00000000 __SHD C:\Users\Noah\AppData\Local\EmieBrowserModeList
2015-06-16 18:34 - 2014-04-23 19:17 - 00000000 __SHD C:\Users\Noah\AppData\Local\EmieUserList
2015-06-16 18:34 - 2014-04-23 19:17 - 00000000 __SHD C:\Users\Noah\AppData\Local\EmieSiteList
2015-06-15 21:05 - 2014-04-27 10:03 - 00000000 ____D C:\Users\Julianna\Documents\Haus
2015-06-14 00:20 - 2012-11-13 14:16 - 00000000 ____D C:\Users\Noah\AppData\Roaming\.minecraft
2015-06-14 00:14 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 20:02 - 2014-11-12 17:08 - 00000000 __SHD C:\Users\Julianna\AppData\Local\EmieBrowserModeList
2015-06-10 20:02 - 2014-04-22 18:50 - 00000000 __SHD C:\Users\Julianna\AppData\Local\EmieUserList
2015-06-10 20:02 - 2014-04-22 18:50 - 00000000 __SHD C:\Users\Julianna\AppData\Local\EmieSiteList
2015-06-10 19:57 - 2009-07-14 06:45 - 00409832 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 19:55 - 2014-05-06 20:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 19:54 - 2014-12-10 18:08 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 19:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 18:13 - 2012-09-29 19:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 18:09 - 2013-08-14 20:21 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 17:59 - 2012-09-29 16:09 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 17:09 - 2015-03-05 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-10 17:09 - 2014-08-15 13:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-10 17:08 - 2012-12-27 18:44 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-10 17:08 - 2012-11-21 16:10 - 00000000 ____D C:\ProgramData\Avira
2015-06-10 14:12 - 2012-02-11 00:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-06-10 14:11 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-10 13:37 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-06-10 13:21 - 2013-03-29 15:30 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-10 13:21 - 2013-03-29 15:30 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-09 21:07 - 2012-07-29 23:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-06-09 21:07 - 2012-07-29 23:16 - 00000000 ____D C:\Program Files\Intel
2015-06-09 21:05 - 2012-02-11 00:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-09 15:41 - 2014-06-12 17:12 - 00000000 ____D C:\Users\Noah\Documents\Camtasia Studio
2015-06-08 15:00 - 2012-02-11 00:28 - 00302891 _____ C:\Windows\DirectX.log
2015-06-08 13:28 - 2013-03-28 18:24 - 00232960 ___SH C:\Users\Julianna\Documents\Thumbs.db
2015-06-08 13:13 - 2013-05-21 10:35 - 00000000 ____D C:\Users\Julianna\Documents\MäderImmo
2015-06-05 22:37 - 2012-12-23 23:22 - 00000000 ____D C:\Users\Julianna\Documents\Mutti
2015-06-05 16:55 - 2014-11-18 17:59 - 00000000 ____D C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-04 13:41 - 2014-02-10 14:43 - 02172928 ___SH C:\Users\Noah\Desktop\Thumbs.db
2015-06-04 11:42 - 2012-09-22 19:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-03 09:54 - 2015-02-08 14:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-31 20:49 - 2012-09-23 21:36 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-05-29 21:09 - 2013-01-27 18:40 - 00000000 ____D C:\Users\Julianna\Documents\Gegi
2015-05-29 07:15 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-27 20:32 - 2012-09-21 11:26 - 00000000 ____D C:\Users\Julianna
2015-05-26 20:37 - 2012-09-29 23:09 - 00000000 ____D C:\Users\Julianna\Documents\Bewerbungsunterlagen
2015-05-25 18:56 - 2012-09-30 11:00 - 00000000 ____D C:\Users\Julianna\AppData\Local\CrashDumps
2015-05-25 13:46 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2015-05-30 21:28 - 2015-03-31 21:28 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
C:\Users\Julianna\AppData\Local\Temp\APNStub.exe
C:\Users\Julianna\AppData\Local\Temp\AskSLib.dll
C:\Users\Julianna\AppData\Local\Temp\avgnt.exe
C:\Users\Julianna\AppData\Local\Temp\avguidx.dll
C:\Users\Julianna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcptzsm.dll
C:\Users\Julianna\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Julianna\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Julianna\AppData\Local\Temp\Extract.exe
C:\Users\Julianna\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\Julianna\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Julianna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Julianna\AppData\Local\Temp\install_flashplayer11x32axau_chrd_awa_aih.exe
C:\Users\Julianna\AppData\Local\Temp\install_reader11_de_gtbp_chrd_aih.exe
C:\Users\Julianna\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Julianna\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Julianna\AppData\Local\Temp\ochelper.exe
C:\Users\Julianna\AppData\Local\Temp\offercast.exe
C:\Users\Julianna\AppData\Local\Temp\oi_{77627EAA-7C8E-4865-ACD4-61A5DE16994A}.exe
C:\Users\Julianna\AppData\Local\Temp\pcspeedup.exe
C:\Users\Julianna\AppData\Local\Temp\pcspeedup{1}.exe
C:\Users\Julianna\AppData\Local\Temp\Resource.exe
C:\Users\Julianna\AppData\Local\Temp\safeguard.exe
C:\Users\Julianna\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Julianna\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Julianna\AppData\Local\Temp\SHSetup.exe
C:\Users\Julianna\AppData\Local\Temp\SIntf16.dll
C:\Users\Julianna\AppData\Local\Temp\SIntf32.dll
C:\Users\Julianna\AppData\Local\Temp\SIntfNT.dll
C:\Users\Julianna\AppData\Local\Temp\SP56929.exe
C:\Users\Julianna\AppData\Local\Temp\SP57232.exe
C:\Users\Julianna\AppData\Local\Temp\SP57698.exe
C:\Users\Julianna\AppData\Local\Temp\sp58915.exe
C:\Users\Julianna\AppData\Local\Temp\SP59202.exe
C:\Users\Julianna\AppData\Local\Temp\SP60051.exe
C:\Users\Julianna\AppData\Local\Temp\SP61037.exe
C:\Users\Julianna\AppData\Local\Temp\SP61776.exe
C:\Users\Julianna\AppData\Local\Temp\SP62218.exe
C:\Users\Julianna\AppData\Local\Temp\sp64126.exe
C:\Users\Julianna\AppData\Local\Temp\SwisscomQuickHelp_Setup.exe
C:\Users\Julianna\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Julianna\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Noah\AppData\Local\Temp\664bc588c3e6f2b0d2afc4022dc0ab7a.dll
C:\Users\Noah\AppData\Local\Temp\avgnt.exe
C:\Users\Noah\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll
C:\Users\Noah\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Noah\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\Noah\AppData\Local\Temp\SIntf16.dll
C:\Users\Noah\AppData\Local\Temp\SIntf32.dll
C:\Users\Noah\AppData\Local\Temp\SIntfNT.dll
C:\Users\Noah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Noah\AppData\Local\Temp\Softonic_DE_1-5-11_DE-Production_10_CleanRelease.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-07 15:00

==================== End of log ============================

dude_gg 21.06.2015 13:21
Addition.txt Logile
 
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Julianna at 2015-06-21 14:04:43
Running from C:\Users\Julianna\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-772145797-1672311722-2663458744-500 - Administrator - Disabled)
Gast (S-1-5-21-772145797-1672311722-2663458744-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-772145797-1672311722-2663458744-1002 - Limited - Enabled)
Julianna (S-1-5-21-772145797-1672311722-2663458744-1001 - Administrator - Enabled) => C:\Users\Julianna
Noah (S-1-5-21-772145797-1672311722-2663458744-1003 - Limited - Enabled) => C:\Users\Noah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Action Replay PowerSaves 3DS Version 1.11 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.11 - Datel Design & Development)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Benutzerhandbuch - Grundlagen EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Bog) (Version:  - )
Benutzerhandbuch EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Useg) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Camtasia Studio 8 (HKLM-x32\...\{6BED66AA-1DC6-474B-AC70-205CC3A68A39}) (Version: 8.4.4.1859 - TechSmith Corporation)
CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadbreed® (HKLM-x32\...\Steam App 277950) (Version:  - Deadbreed AB)
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
Druckerdeinstallation für EPSON XP-402 403 405 406 Series (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
EasyTax 2013 AG 1.01 (HKLM-x32\...\4093-4123-1528-3000) (Version: 1.01 - HWI Solutions AG)
Eldevin (HKLM-x32\...\Steam App 298160) (Version:  - Hunted Cow Studios)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hotspot Shield 2.75 (HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HotspotShield) (Version: 2.75 - AnchorFree Inc.)
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.44.5 - HTC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.90 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 31.0 (x86 de) (HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-772145797-1672311722-2663458744-1001\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Netzwerkhandbuch EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Netg) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Positive Finds (HKLM-x32\...\Positive Finds) (Version: 2.0.5511.20157 - Positive Finds) <==== ATTENTION!
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaiderZ (HKLM-x32\...\Steam App 218470) (Version:  - )
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Steam App 286940) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Softonic for Windows (HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Softonic for Windows) (Version: 1.5.11 - Softonic International S.L.) <==== ATTENTION
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
Torch (HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Torch) (Version: 36.0.0.8667 - Torch Media, Inc)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.13 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoo Empire (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-772145797-1672311722-2663458744-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Julianna\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-772145797-1672311722-2663458744-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Julianna\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-772145797-1672311722-2663458744-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Julianna\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-772145797-1672311722-2663458744-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Julianna\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-772145797-1672311722-2663458744-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Julianna\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

10-06-2015 17:55:58 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04585115-BC49-4789-95C3-088D4AECC23E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0CDAB548-F4D2-4786-92C6-50280A894264} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {16A2A75E-6381-4CEE-AFB2-B681700710B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {17C59F1C-5735-40F5-9AE7-3F2FFB6A960C} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"
Task: {1E2ACF4B-E04F-4A48-8C0D-DB8D25DC02DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {40EC66F1-87DB-4D4E-B902-E1ECE4C0E5B3} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {4642E5AB-62B7-4302-89DF-C908C27083EF} - System32\Tasks\{2FE96988-D7FD-43F4-B837-38EC036C8B31} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {48CF3E90-2E2E-4A2D-98CE-0B9D04BCF136} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {4C0771A0-F57A-44F0-9AE9-81802F322B42} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {5109B02D-0F42-4F78-9029-9B6E06C2AD3D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {590DA771-E181-4F2C-B24C-E1D341E2D7DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {65E3C5E3-C46A-4146-9C5E-15D7A27F0BB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-16] (Adobe Systems Incorporated)
Task: {791D21BD-CCE9-40B5-8941-0CC8951CD5CB} - System32\Tasks\HPCeeScheduleForJulianna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {7BC918CD-1DEE-499C-B9BB-4EB324D895D7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {85CE6CB1-ADC2-41C3-B2C8-B22387FD89CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95055720-11E6-4A84-8CB7-10A81D7BDD74} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {C296E306-523E-45A2-BED0-8BDA1182F4DA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {CA11E5AA-3B0D-4331-86A3-A4F75536A989} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-26] (Microsoft Corporation)
Task: {E0C9E85D-0C39-4024-9574-25CDF1C8C087} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E6D8F3C9-005C-4D78-A4BD-EADFCF7EB5BE} - System32\Tasks\{6112A666-8E10-48C6-879B-2EAE4F4AAEF8} => pcalua.exe -a "C:\Program Files (x86)\Swisscom\Quick Help\FFAddOnInstall.exe" -d "C:\Program Files (x86)\Swisscom\Quick Help" -c 6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJulianna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-29 23:16 - 2011-12-16 22:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-19 17:17 - 2015-03-19 17:17 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-01-06 03:24 - 2012-01-06 03:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-19 17:16 - 2015-03-19 17:16 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-03-19 17:16 - 2015-03-19 17:16 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-03-19 17:17 - 2015-03-19 17:17 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-03-19 17:17 - 2015-03-19 17:17 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-03-19 17:17 - 2015-03-19 17:17 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-03-19 17:18 - 2015-03-19 17:18 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-03-19 17:19 - 2015-03-19 17:19 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-10-15 15:45 - 2014-10-15 15:45 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-07-29 23:17 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-07-29 23:16 - 2011-12-16 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-06-16 18:47 - 2015-06-16 18:47 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-772145797-1672311722-2663458744-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-772145797-1672311722-2663458744-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-772145797-1672311722-2663458744-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C6FB2BB2-F549-476B-A3DD-BD640A839D44}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8C298FE9-169E-473D-B030-82BFE37DC4CA}] => (Allow) LPort=2869
FirewallRules: [{A584A01D-0DCB-4FE6-B639-CA60637DC515}] => (Allow) LPort=1900
FirewallRules: [{563AA6FF-E7A7-4855-811D-8195F21DAE80}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E9592222-E641-4F63-BF11-3454012B087A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4E33533B-85F1-4545-B619-19C8E736571C}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{39B678BE-D3B5-4830-A1AA-F85C83D03A8D}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{C8DC1EEA-9D59-41B5-AAEB-862FDC2772ED}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{869203CB-AFE9-430C-AEE8-E562B80484F5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{B360CD90-F015-4307-94CE-9B1A2219842C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{1C180847-A576-4AA4-98CF-1876F22C17B0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{2CA67F2B-0C19-401C-A9D1-6E4D3E554FED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2E9191E5-C621-4F2C-A4C6-FBE01CF7C02F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC1DE407-6C05-426B-9DC0-8E6B509F1ADD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0A9E5AB-1925-49FC-B0D4-FD8024AEBCE9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D5D5FAE-52B8-4124-B494-39B61AB96665}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{2AEA817B-04D7-474B-AA0C-F66B8E2CE7A1}C:\users\noah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\noah\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D2767BBC-5928-4626-B584-47E8FE63456D}C:\users\noah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\noah\appdata\local\akamai\netsession_win.exe
FirewallRules: [{620E1F65-F772-4DD7-9F23-06E2A888CB74}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{530385BA-0E35-474E-A79C-AAD6319D6706}C:\users\noah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\noah\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{576B4FFD-269C-4D15-8A90-A9FD3503E315}C:\users\noah\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\noah\appdata\local\akamai\netsession_win.exe
FirewallRules: [{4AD05829-84EF-4BF1-B0B1-9F584E5C0CA0}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{2CE44441-45A2-42A0-BAA8-5D629FC8228B}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{8A235C9C-D639-49C5-A4EE-2EBFC86A4A57}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{057279CF-8C3D-41F5-A616-222B5CA5AAA8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{D7FB8002-4791-4D7B-B009-E22707F5887B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C06A9371-21EE-4271-B69B-552C6D4B8915}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{98FC6BBF-B96E-4FD1-A58F-78CCD1B6A8B7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{83B37067-B3ED-4DE9-8B32-23A0EE636964}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{195B2B63-9625-4269-9327-10236D68B1F9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{70F40BD7-11F1-4F97-8906-91D190C6F30F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{467FC296-A597-4643-8CCB-9F33D114CE5B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6063A904-C093-4570-81D6-6201DBB4607C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87648686-295F-4E4F-9066-B33C80F900C1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DB70FFDE-E7F4-4F7D-B53F-C9CB2D4724C8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{62B62777-02F5-4218-A285-509F6E17BD37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{A7CEDD88-0D9B-4E04-A1C1-4D42607D9E34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{F400A91E-07A1-4DAE-AC77-80CA6F75BA34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{ABAA00E6-55B4-4C63-982D-9E94B33BCC18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{DBCA2272-74DE-4146-9F2D-10DB12E581B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaiderZ\Raiderz Launcher.exe
FirewallRules: [{F06D4AC2-3488-42E6-91A1-ACA72C49457B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaiderZ\Raiderz Launcher.exe
FirewallRules: [TCP Query User{250ABFDE-A54B-4D77-9D67-B22C91DF43BC}C:\users\noah\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\noah\desktop\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [UDP Query User{8C88971C-C78E-48E3-BE98-F4C270E544F6}C:\users\noah\desktop\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\noah\desktop\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [{F28C2C6D-350C-41E5-ADFC-A4A9285D9F8A}] => (Allow) LPort=8317
FirewallRules: [{C727AAD4-8AAB-4899-BAFE-A3AAB1178817}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{52E38048-69DC-4404-9A29-7EB2BCF94D74}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E2D1D93F-2E4D-4ED1-B91C-8B48A88DBAAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D033C316-68B0-4520-92FD-721FE087B4B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20721B27-0FFC-4886-A2F5-6338035E8824}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{1F9F6252-CCC0-4A40-A073-89C7CBC416DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldevin\Eldevin.exe
FirewallRules: [{D4E85181-23E1-473F-9942-21AFD71BB513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eldevin\Eldevin.exe
FirewallRules: [{43F011C2-55D3-4843-B4C2-45EF814FA56F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadbreed\Deadbreed.exe
FirewallRules: [{CD49E157-966E-408D-849A-3B3E800391ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadbreed\Deadbreed.exe
FirewallRules: [{2F19AAB8-2E4B-4CD8-891D-32FFECA016B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{2A1FEAC5-6B86-46BD-859C-E57243B1D706}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SKILL\DFUBG.exe
FirewallRules: [{184E3E0F-F3A5-4A78-A2BA-CF1D9D359A0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{E59981F4-AA25-4FF3-B5EE-BDF5E83F2969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{DA71AB85-1D23-43C2-98CF-19331D737618}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{C7F1B56B-D192-4272-9566-3B3BAE992A52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{565D1B8B-B0D3-43B6-BCAB-51AE1D3AC890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{A6CC085B-B2FF-45EA-B8EB-FCCC9365C8E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{DA679AAF-796A-4AD8-BD65-28259176DC3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{07231042-A573-46FF-9E51-E790E17FA2D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2015 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79524801

Error: (06/21/2015 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79524801

Error: (06/21/2015 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2015 01:56:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79523803

Error: (06/21/2015 01:56:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79523803

Error: (06/21/2015 01:56:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2015 01:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79522804

Error: (06/21/2015 01:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79522804

Error: (06/21/2015 01:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2015 01:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79521790


System errors:
=============
Error: (06/21/2015 01:56:51 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/20/2015 03:35:03 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/20/2015 03:19:30 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/20/2015 03:14:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/20/2015 01:33:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/20/2015 01:33:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/19/2015 08:47:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIANNA-HP    :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.81
registriert werden. Der Computer mit IP-Adresse 169.254.51.146 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/19/2015 08:47:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "JULIANNA-HP    :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.81
registriert werden. Der Computer mit IP-Adresse 169.254.51.146 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (06/19/2015 08:47:08 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{04D98104-F5D8-48A6-8DD5-582A6339636A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/19/2015 08:47:08 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office:
=========================
Error: (06/21/2015 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79524801

Error: (06/21/2015 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79524801

Error: (06/21/2015 01:56:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2015 01:56:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79523803

Error: (06/21/2015 01:56:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79523803

Error: (06/21/2015 01:56:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2015 01:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79522804

Error: (06/21/2015 01:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 79522804

Error: (06/21/2015 01:56:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/21/2015 01:56:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 79521790


CodeIntegrity Errors:
===================================
  Date: 2012-12-26 19:46:40.167
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-26 19:46:40.152
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-26 19:46:40.152
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-26 19:46:40.136
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-26 19:46:40.136
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-26 19:46:40.136
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-25 13:26:48.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-25 13:26:48.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-25 13:26:48.755
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-25 13:26:48.739
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 63%
Total physical RAM: 3994.36 MB
Available physical RAM: 1457.09 MB
Total Pagefile: 7986.92 MB
Available Pagefile: 4636.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.66 GB) (Free:266.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:23.8 GB) (Free:2.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 51EB5ADF)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================
--- --- ---


Lieber Schrauber, ich weiss ich sollte nichts machen was nicht von Euch angewiesen war, woran ich mich auch strikt halte.
Ich poste hier jedoch trotzdem das Malwarebytes Logfile, da dieses ohnehin schon vorlag, da ich Logfile vor dem Erstellen des Treads schon erstellt habe.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.06.2015
Suchlauf-Zeit: 14:43:13
Logdatei: Log_Malwarebyte.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.20.01
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Julianna

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 459313
Verstrichene Zeit: 1 Std, 4 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 20
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.PositiveFinds.SID.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Positive Finds, , [876abc00d3b7cd693cc6ed980ef8e818],
PUP.Optional.PositiveFinds.A, HKLM\SOFTWARE\WOW6432NODE\PositiveFinds, , [ea07b4086b1f9b9ba48f22e0828222de],
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [5c959428bad0fc3a3975f69c28dd08f8],
PUP.Optional.WeDownLoadManager.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1001\SOFTWARE\WeDlMngr, , [da1775472664c67090b6928d9e66966a],
PUP.Optional.Ask.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D0A11A8C-EDB7-4753-A352-9ABF15112206}, , [559c76469feb9d999666a7ea71947987],
PUP.Optional.Ask.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0EE02051-EA79-4710-90BD-49DEB1348F69}, , [8d64b507b5d591a5d428fd94798c629e],

Registrierungswerte: 2
PUP.Optional.Ask.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D0A11A8C-EDB7-4753-A352-9ABF15112206}|SuggestionsURL_JSON, hxxp://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}, , [559c76469feb9d999666a7ea71947987]
PUP.Optional.Ask.A, HKU\S-1-5-21-772145797-1672311722-2663458744-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0EE02051-EA79-4710-90BD-49DEB1348F69}|SuggestionsURL_JSON, hxxp://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}, , [8d64b507b5d591a5d428fd94798c629e]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 4
PUP.Optional.DataMngr.A, C:\ProgramData\Datamngr, , [9859506cf397c175876833b25ca7fa06],
PUP.Optional.FindPositive.A, C:\Program Files (x86)\Positive Finds, , [11e04973d9b1c4725ab7f2fa966d9c64],
PUP.Optional.FindPositive.A, C:\Program Files (x86)\Positive Finds\Extensions, , [11e04973d9b1c4725ab7f2fa966d9c64],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [23cee8d41a70bd79e6778f6436cd16ea],

Dateien: 11
PUP.Optional.FindPositive.A, C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.FindPositive.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, , [ea075e5edcae9d99225a531a3fc4e31d],
PUP.Optional.PositiveFinds.SID.A, C:\Users\Julianna\AppData\Roaming\RHEng\53F33DD6AAFE49CB8C3EE90C2298C3A6\setup0116.exe, , [24cdd2eaa6e4db5b60a2a6df5fa7f709],
PUP.Optional.PositiveFinds.SID.A, C:\Program Files (x86)\Positive Finds\Uninstaller.exe, , [876abc00d3b7cd693cc6ed980ef8e818],
PUP.Optional.APNToolBar.A, C:\Users\Julianna\AppData\Local\Temp\offercast.exe, , [727f6e4e1278fe381a1a1353ec1656aa],
PUP.Optional.PositiveFinds.SID.A, C:\Users\Julianna\AppData\Local\Temp\PositiveFinds\Setup.exe, , [01f05666781258debe44a8dda5619c64],
PUP.Optional.Bandoo.A, C:\Users\Noah\AppData\Local\Temp\nsz954.tmp\Helper.dll, , [579a79438307999d1136087d9a6c35cb],
PUP.Optional.Bandoo.A, C:\Users\Noah\AppData\Local\Temp\nse5B1C.tmp\Helper.dll, , [b73a6f4dd5b5db5b083f4f36d036d32d],
PUP.Optional.PositiveFinds.A, C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\zuzxzy1r.default\extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi, , [f6fb18a4a4e696a0f1e98e71897a5da3],
PUP.Optional.FindPositive.A, C:\Program Files (x86)\Positive Finds\7za.exe, , [11e04973d9b1c4725ab7f2fa966d9c64],
PUP.Optional.FindPositive.A, C:\Program Files (x86)\Positive Finds\Extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi, , [11e04973d9b1c4725ab7f2fa966d9c64],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

schrauber 22.06.2015 06:38
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Positive Finds

    Softonic for Windows


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:04 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131