Trojaner-Board - Lappi keine Desktopsymbole mehr und zweite HDD pfad weg

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015

Ran by Nutzer (administrator) on NUTZER-PC on 12-07-2015 12:42:45

Running from F:\

Loaded Profiles: Nutzer (Available Profiles: Nutzer)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe

(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-07] (Bitdefender)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKU\S-1-5-21-122737808-375870146-1364029928-1000\...\Run: [Bitdefender-Geldb�rse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-26] (Bitdefender)

ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)

ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)

ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)

ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-122737808-375870146-1364029928-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-122737808-375870146-1364029928-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-26] (Bitdefender)

BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll [2014-11-18] ()

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation)

BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-26] (Bitdefender)

BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll [2014-11-18] ()

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-20] (Atheros Commnucations)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation)

Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-26] (Bitdefender)

Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-26] (Bitdefender)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{DBC745D5-0E05-43D3-A3F3-83B7C6A38385}: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\ky6m0sno.default

FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-12] ()

FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-12] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2014-06-19] (Adobe Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-12]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-01-09]

FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-01-09]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

FF HKU\S-1-5-21-122737808-375870146-1364029928-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\ky6m0sno.default\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-21] (Bitdefender)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)

S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)

R2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-07] (Bitdefender)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-26] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-26] (BitDefender)

S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-26] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-26] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-26] (BitDefender SRL)

R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-07] (BitDefender LLC)

R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [327720 2008-04-29] (Silicon Image, Inc)

R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2008-04-29] (Silicon Image, Inc.)

R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2008-04-29] (Silicon Image, Inc.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-07-12 12:42 - 2015-07-12 12:42 - 00000000 ____D C:\FRST

2015-07-12 09:40 - 2015-07-12 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-07-11 21:59 - 2015-07-11 21:59 - 00000000 ____D C:\Program Files\Common Files\ODBC

2015-07-05 18:17 - 2015-07-05 18:17 - 00000000 ____D C:\Users\Nutzer\Alte Firefox-Daten

2015-07-01 11:19 - 2015-04-27 21:23 - 01480192 ____N (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-07-01 11:19 - 2015-04-27 21:23 - 00229376 ____N (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-07-01 11:19 - 2015-04-27 21:05 - 00179200 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-07-01 11:19 - 2015-04-27 21:04 - 01174528 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-06-16 09:30 - 2015-06-23 15:12 - 00000319 _____ C:\Users\World_of_Tanks\version.xml

2015-06-12 21:24 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-06-12 21:24 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-06-12 21:24 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-06-12 21:24 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-06-12 21:24 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-06-12 21:24 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-06-12 21:24 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-06-12 21:24 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-06-12 21:24 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-06-12 21:24 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-06-12 21:24 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-06-12 21:24 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-06-12 21:24 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-06-12 21:24 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-06-12 21:24 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-06-12 21:24 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-06-12 21:24 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-06-12 21:24 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-06-12 21:24 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-06-12 21:24 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-06-12 21:24 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-06-12 21:24 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-06-12 21:24 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-06-12 21:24 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-06-12 21:24 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-06-12 21:24 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-06-12 21:24 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-06-12 21:24 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-06-12 21:24 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-06-12 21:24 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-06-12 21:24 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-06-12 21:24 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-06-12 21:24 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-06-12 21:24 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-06-12 21:24 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-06-12 21:24 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-06-12 21:24 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-06-12 21:24 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-06-12 21:24 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-06-12 21:24 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-06-12 21:24 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-06-12 21:24 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-06-12 21:24 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-06-12 21:24 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-06-12 21:24 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-06-12 21:24 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-06-12 21:24 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-06-12 21:24 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-06-12 21:24 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-06-12 21:24 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-06-12 21:24 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-06-12 21:24 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-06-12 21:24 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-06-12 21:24 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-06-12 21:24 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-06-12 21:24 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-06-12 21:24 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-06-12 21:24 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-06-12 21:24 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-06-12 21:24 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-06-12 21:24 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-06-12 21:24 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-06-12 21:24 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-06-12 21:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-06-12 21:24 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-06-12 21:24 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-06-12 21:24 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-06-12 21:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-06-12 21:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-06-12 21:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-06-12 21:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-06-12 21:24 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-06-12 21:24 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-07-12 12:42 - 2014-09-26 14:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-12 12:42 - 2014-09-26 13:53 - 00000000 ____D C:\ProgramData\boost_interprocess

2015-07-12 12:41 - 2014-08-30 10:48 - 00038653 _____ C:\Windows\setupact.log

2015-07-12 12:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-12 12:39 - 2010-11-21 08:50 - 00698926 _____ C:\Windows\system32\perfh007.dat

2015-07-12 12:39 - 2010-11-21 08:50 - 00149034 _____ C:\Windows\system32\perfc007.dat

2015-07-12 12:39 - 2009-07-14 07:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-12 12:39 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-12 12:39 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-12 12:38 - 2014-08-27 18:18 - 01348071 _____ C:\Windows\WindowsUpdate.log

2015-07-12 12:37 - 2014-09-26 14:30 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-12 12:36 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2015-07-12 12:34 - 2014-09-26 13:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-07-12 12:34 - 2010-11-21 05:47 - 00020678 _____ C:\Windows\PFRO.log

2015-07-12 12:13 - 2014-09-26 14:39 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\Skype

2015-07-12 12:12 - 2015-05-16 19:44 - 00038474 _____ C:\Users\World_of_Tanks\xvm.log

2015-07-12 12:12 - 2015-05-15 09:37 - 00211901 _____ C:\Users\World_of_Tanks\python.log

2015-07-12 12:12 - 2015-05-15 09:37 - 00010458 _____ C:\Users\World_of_Tanks\Influx_PS.log

2015-07-12 11:44 - 2014-08-27 18:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-12 09:32 - 2014-09-26 14:39 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-07-12 09:32 - 2014-09-26 14:39 - 00000000 ____D C:\ProgramData\Skype

2015-07-12 08:50 - 2015-05-15 09:38 - 00000000 ____D C:\Users\World_of_Tanks\replays

2015-07-12 08:50 - 2015-05-14 19:13 - 00014242 _____ C:\Users\World_of_Tanks\WoTLauncher.log

2015-07-12 08:50 - 2015-05-14 19:11 - 00000000 ____D C:\Users\World_of_Tanks

2015-07-12 08:46 - 2015-05-14 19:13 - 00000355 _____ C:\Users\World_of_Tanks\app_type.xml

2015-07-12 08:46 - 2015-05-14 19:13 - 00000000 ____D C:\Users\World_of_Tanks\UpdatesData

2015-07-12 08:46 - 2015-05-14 19:13 - 00000000 ____D C:\Users\World_of_Tanks\Updates

2015-07-12 08:46 - 2015-05-14 19:11 - 00000689 _____ C:\Users\World_of_Tanks\WoTLauncher.cfg

2015-07-12 08:45 - 2014-08-27 18:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-07-12 08:45 - 2014-08-27 18:32 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-07-12 08:45 - 2014-08-27 18:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-07-12 00:27 - 2015-05-15 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2015-07-12 00:27 - 2015-05-14 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks

2015-07-12 00:27 - 2015-04-07 22:32 - 00000000 ___SD C:\Windows\system32\GWX

2015-07-12 00:27 - 2015-04-03 20:04 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader

2015-07-12 00:27 - 2015-04-03 20:01 - 00000000 ____D C:\Users\Nutzer\AppData\Local\JDownloader 2.0

2015-07-12 00:27 - 2015-02-15 21:29 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander

2015-07-12 00:27 - 2015-02-15 21:29 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\GHISLER

2015-07-12 00:27 - 2015-02-15 21:29 - 00000000 ____D C:\totalcmd

2015-07-12 00:27 - 2015-01-24 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

2015-07-12 00:27 - 2015-01-09 11:56 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\DesktopIconForAmazon

2015-07-12 00:27 - 2015-01-09 11:56 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\Cliqz

2015-07-12 00:27 - 2014-12-10 13:10 - 00000000 ____D C:\Windows\system32\appraiser

2015-07-12 00:27 - 2014-12-06 22:51 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks

2015-07-12 00:27 - 2014-09-26 13:46 - 00000000 ___RD C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2015-07-12 00:27 - 2014-09-26 13:41 - 00000000 ____D C:\Windows\pss

2015-07-12 00:27 - 2014-08-27 18:41 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-07-12 00:27 - 2014-08-27 18:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2015-07-12 00:27 - 2014-08-27 18:32 - 00000000 ____D C:\Windows\system32\Macromed

2015-07-12 00:27 - 2014-08-27 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-07-12 00:27 - 2014-08-27 18:30 - 00000000 ____D C:\Program Files (x86)\Java

2015-07-12 00:27 - 2014-08-27 18:26 - 00000000 ____D C:\Users\Nutzer\AppData\Roaming\vlc

2015-07-12 00:27 - 2014-08-27 18:18 - 00000000 ___RD C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-07-12 00:27 - 2014-08-27 18:18 - 00000000 ___RD C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-07-12 00:27 - 2014-08-27 18:18 - 00000000 ____D C:\Users\Nutzer

2015-07-12 00:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

2015-07-12 00:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2015-07-12 00:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration

2015-07-11 23:55 - 2014-08-27 19:07 - 00000000 ____D C:\ProgramData\Oracle

2015-07-11 23:55 - 2014-08-27 18:30 - 00000000 ____D C:\Program Files\Java

2015-07-11 23:55 - 2010-11-21 09:00 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-07-11 22:56 - 2014-12-10 20:45 - 00007608 _____ C:\Users\Nutzer\AppData\Local\Resmon.ResmonCfg

2015-07-09 17:31 - 2015-05-15 09:37 - 00015128 _____ C:\Users\World_of_Tanks\Influx_PS.bak

2015-07-09 16:01 - 2015-05-14 19:13 - 00042354 _____ C:\Users\World_of_Tanks\WoTLauncher.log.bak

2015-07-05 09:53 - 2014-12-23 12:34 - 00000000 ____D C:\Users\Nutzer\AppData\Local\CrashDumps

2015-07-02 08:41 - 2014-08-27 18:25 - 00000000 ____D C:\Users\Nutzer\AppData\Local\Adobe

2015-06-25 20:36 - 2015-01-09 12:45 - 00000686 ____H C:\bdr-cf01

2015-06-25 20:04 - 2015-05-12 19:19 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics

2015-06-24 09:40 - 2015-05-14 19:11 - 10047752 _____ (Wargaming.net) C:\Users\World_of_Tanks\WoTLauncher.exe

2015-06-24 09:40 - 2015-05-14 19:11 - 00109832 _____ C:\Users\World_of_Tanks\librsync.dll

2015-06-23 13:45 - 2015-05-14 19:11 - 00212232 _____ (Indigo Rose Corporation) C:\Users\World_of_Tanks\DeltaMAX.dll

2015-06-23 13:45 - 2015-05-14 19:11 - 00174080 _____ (Igor Pavlov) C:\Users\World_of_Tanks\7z.dll

2015-06-17 10:28 - 2015-06-04 12:29 - 23460232 _____ (TomTom International B.V.) C:\Users\Nutzer\Downloads\InstallMyDriveConnect.exe

2015-06-17 10:01 - 2014-12-06 20:43 - 00000000 __SHD C:\Users\Nutzer\AppData\Local\EmieBrowserModeList

2015-06-17 10:01 - 2014-08-27 19:38 - 00000000 __SHD C:\Users\Nutzer\AppData\Local\EmieUserList

2015-06-17 10:01 - 2014-08-27 19:38 - 00000000 __SHD C:\Users\Nutzer\AppData\Local\EmieSiteList

2015-06-12 21:47 - 2009-07-14 06:45 - 00323904 _____ C:\Windows\system32\FNTCACHE.DAT

2015-06-12 21:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-06-12 21:34 - 2014-08-27 19:01 - 00000000 ____D C:\Windows\system32\MRT

2015-06-12 21:28 - 2014-08-27 19:01 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

==================== Files in the root of some directories =======
 

2015-06-25 04:10 - 2015-06-25 04:10 - 0033193 _____ () C:\Users\Nutzer\AppData\Roaming\UserTile.png

2014-12-10 20:45 - 2015-07-11 22:56 - 0007608 _____ () C:\Users\Nutzer\AppData\Local\Resmon.ResmonCfg

2015-06-07 10:06 - 2015-06-07 10:06 - 0000000 _____ () C:\Users\Nutzer\AppData\Local\{DBD092DC-DA28-4023-9BC1-8AAF822FAFE1}

2015-01-09 12:46 - 2015-01-09 12:46 - 1068751 _____ () C:\ProgramData\1420798835.bdinstall.bin

2015-04-07 19:42 - 2015-04-07 19:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Files to move or delete:

====================

C:\Users\World_of_Tanks\7z.dll

C:\Users\World_of_Tanks\DeltaMAX.dll

C:\Users\World_of_Tanks\fmodex.dll

C:\Users\World_of_Tanks\fmod_event_net.dll

C:\Users\World_of_Tanks\libcurl.dll

C:\Users\World_of_Tanks\librsync.dll

C:\Users\World_of_Tanks\libsndfile-1.dll

C:\Users\World_of_Tanks\msvcp110.dll

C:\Users\World_of_Tanks\msvcr110.dll

C:\Users\World_of_Tanks\NxCooking.dll

C:\Users\World_of_Tanks\ortp.dll

C:\Users\World_of_Tanks\PhysXLoader.dll

C:\Users\World_of_Tanks\unins000.dat

C:\Users\World_of_Tanks\unins000.exe

C:\Users\World_of_Tanks\unins001.dat

C:\Users\World_of_Tanks\unins001.exe

C:\Users\World_of_Tanks\uwApi.dll

C:\Users\World_of_Tanks\vivoxoal.dll

C:\Users\World_of_Tanks\vivoxplatform.dll

C:\Users\World_of_Tanks\vivoxsdk.dll

C:\Users\World_of_Tanks\voip.dll

C:\Users\World_of_Tanks\WorldOfTanks.exe

C:\Users\World_of_Tanks\WoTLauncher.exe

C:\Users\World_of_Tanks\zlib1.dll
 
 

Some files in TEMP:

====================

C:\Users\Nutzer\AppData\Local\Temp\SkypeSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-07-05 18:07
 

==================== End of log ============================

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015

Ran by Nutzer at 2015-07-12 12:55:57

Running from F:\

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-122737808-375870146-1364029928-500 - Administrator - Disabled)

Gast (S-1-5-21-122737808-375870146-1364029928-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-122737808-375870146-1364029928-1002 - Limited - Enabled)

Nutzer (S-1-5-21-122737808-375870146-1364029928-1000 - Administrator - Enabled) => C:\Users\Nutzer
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1820 - CyberLink Corp.)

Acer Crystal Eye Webcam (x32 Version: 1.0.1820 - CyberLink Corp.) Hidden

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}) (Version: 12.1.3.153 - Adobe Systems, Inc)

Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation)

AMD Catalyst Install Manager (HKLM\...\{EA4954FD-C685-1C7D-16F3-9BC2FD5E6BD3}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)

Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender)

Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)

CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)

Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.53 - Cliqz.com)

Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)

diclovit's mod pack 9.8.2 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 9.8.2 - diclovit)

DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )

League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden

LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation)

Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)

MyDriveConnect 4.0.3.2180 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom)

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)

Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)

Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)

Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

World of Tanks (HKU\S-1-5-21-122737808-375870146-1364029928-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== Restore Points =========================
 

01-07-2015 11:19:53 Windows Update

05-07-2015 09:47:51 Removed Adobe Shockwave Player 12.1.

12-07-2015 00:24:19 Wiederherstellungsvorgang
 

==================== Hosts content: ===============================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {11A1D530-4EEA-4BD8-9A7D-555167F75BAD} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"

Task: {50969819-DFBF-41AE-898D-97A3000E1DC7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-12] (Adobe Systems Incorporated)

Task: {590399C0-0089-44F2-9DDA-15A46BE1053F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {5FF6D2E8-B32A-4602-B87A-F23355FFB95A} - System32\Tasks\{60A95B64-B301-42BB-85EE-FF30C332EC3E} => D:\World_of_Tanks\WoTLauncher.exe

Task: {8CAB2D76-C86E-4116-8474-388B9FF9B1A4} - System32\Tasks\{D047D4D0-0D4B-4125-8D8B-59413A43D50E} => D:\World_of_Tanks\WoTLauncher.exe

Task: {A55A19AB-0FE4-4D2B-B560-C5640C81D338} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {D728ED27-3AAE-4F79-B730-FED6067E6312} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {DFECFE53-74F4-47AB-AC3A-DC313EAA0006} - System32\Tasks\{30D01B51-9872-4B54-A330-D7EB5E7D1907} => D:\World_of_Tanks\WoTLauncher.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (Whitelisted) ==============
 

2015-01-09 12:44 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll

2015-01-09 12:44 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll

2015-01-09 12:45 - 2014-11-19 21:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui

2015-01-09 12:45 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll

2015-01-09 12:44 - 2014-08-27 17:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff\components\txmlutil.dll

2015-01-09 12:44 - 2015-02-26 10:29 - 00067808 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff\components\bdwtxff.dll

2015-06-04 13:19 - 2015-06-04 13:19 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll

2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 

AlternateDataStreams: C:\Users\Nutzer\Downloads\dmp_9.7.1_setup.exe:BDU

AlternateDataStreams: C:\Users\Nutzer\Downloads\dmp_9.8.0_setup.exe:BDU

AlternateDataStreams: C:\Users\Nutzer\Downloads\dmp_9.8.2_setup.exe:BDU

AlternateDataStreams: C:\Users\Nutzer\Downloads\InstallMyDriveConnect.exe:BDU

AlternateDataStreams: C:\Users\World_of_Tanks\WorldOfTanks.exe:AGC
 

==================== Safe Mode (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-122737808-375870146-1364029928-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.178.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [{3ADBF24F-58CE-43D8-83FB-6C4E34E701E0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{E7926FE9-FCB6-4B2D-B48B-493CCF4CD242}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe

FirewallRules: [UDP Query User{21471EAC-A0BA-4B55-9394-8D400D059F14}D:\world_of_tanks\wotlauncher.exe] => (Allow) D:\world_of_tanks\wotlauncher.exe

FirewallRules: [TCP Query User{8465CD92-DC03-46FA-8DB7-E1A9DD3A2EF2}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe

FirewallRules: [UDP Query User{49C61C36-95CE-4B75-8D31-1A1D9BB80913}D:\world_of_tanks\worldoftanks.exe] => (Allow) D:\world_of_tanks\worldoftanks.exe

FirewallRules: [TCP Query User{101FECA0-3731-4EEA-A5E1-5322F0D591D2}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [UDP Query User{73DADFDC-CD13-4B12-9E23-2A8D75AEAA50}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{4F4A3243-DB7A-4BFC-BC87-B7F3820743AF}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [UDP Query User{D859FF0F-369A-4362-AE52-C12AFBAE05F5}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [TCP Query User{33576555-FD65-4141-85F1-2DD7FF94ABC6}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [UDP Query User{346FEF23-86DB-47F4-ABC9-759D07F5E781}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{D3CAE98F-188C-4A28-A976-FB486C5BD700}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [UDP Query User{57F98BF8-4567-470A-9EBF-34F18D37963D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [{1AD4FD5A-E8C0-4197-8A4A-6F8E93E1E88C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{4194777B-2A2C-45EC-ADEE-A6B7A094C7C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{28B78B71-1845-44CB-8633-5837D7500616}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/12/2015 12:42:26 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 

Error: (07/12/2015 12:42:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 12:38:04 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm taskmgr.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: ac4
 

Startzeit: 01d0bc8ebbf865f8
 

Endzeit: 16
 

Anwendungspfad: C:\Windows\system32\taskmgr.exe
 

Berichts-ID: 07a50db9-2882-11e5-8fb0-1c7508fa646a
 

Error: (07/12/2015 12:37:51 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start
 

Error: (07/12/2015 12:37:27 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 7cc
 

Startzeit: 01d0bc8e6a4e79b7
 

Endzeit: 0
 

Anwendungspfad: C:\Windows\Explorer.EXE
 

Berichts-ID: f46b2b7f-2881-11e5-8fb0-1c7508fa646a
 

Error: (07/12/2015 12:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 08:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 08:39:02 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 6f4
 

Startzeit: 01d0bc6c1b230902
 

Endzeit: 12886
 

Anwendungspfad: C:\Windows\Explorer.EXE
 

Berichts-ID: a3830060-2860-11e5-8fe1-1c7508fa646a
 

Error: (07/12/2015 08:29:29 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 12:33:32 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (07/12/2015 12:43:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (07/12/2015 12:42:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%-2140993535
 

Error: (07/12/2015 12:42:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 

%%-2140993535
 

Error: (07/12/2015 12:42:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%-2140993535
 

Error: (07/12/2015 12:42:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 

%%-2140993535
 

Error: (07/12/2015 12:42:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801
 

Error: (07/12/2015 12:42:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801
 

Error: (07/12/2015 12:42:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%-2140993535
 

Error: (07/12/2015 12:42:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 

%%-2140993535
 

Error: (07/12/2015 12:42:06 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630801
 
 

Microsoft Office:

=========================

Error: (07/12/2015 12:42:26 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestF:\esetsmartinstaller_deu (1).exe
 

Error: (07/12/2015 12:42:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 12:38:04 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: taskmgr.exe6.1.7601.17514ac401d0bc8ebbf865f816C:\Windows\system32\taskmgr.exe07a50db9-2882-11e5-8fb0-1c7508fa646a
 

Error: (07/12/2015 12:37:51 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: 
 

Error: (07/12/2015 12:37:27 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Explorer.EXE6.1.7601.175677cc01d0bc8e6a4e79b70C:\Windows\Explorer.EXEf46b2b7f-2881-11e5-8fb0-1c7508fa646a
 

Error: (07/12/2015 12:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 08:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 08:39:02 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Explorer.EXE6.1.7601.175676f401d0bc6c1b23090212886C:\Windows\Explorer.EXEa3830060-2860-11e5-8fe1-1c7508fa646a
 

Error: (07/12/2015 08:29:29 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/12/2015 12:33:32 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 42%

Total physical RAM: 4077.86 MB

Available physical RAM: 2342.73 MB

Total Virtual: 8153.93 MB

Available Virtual: 5633.36 MB
 

==================== Drives ================================
 

Drive c: (System SSD) (Fixed) (Total:111.79 GB) (Free:49.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive f: (WDO_MEDIA64) (Removable) (Total:29.42 GB) (Free:28.88 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3595BB10)

Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 1.
 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.4 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End of log ============================

--- --- ---

Code:

Logfile of random's system information tool 1.10 (written by random/random)

Run by Nutzer at 2015-07-12 20:19:49

Microsoft Windows 7 Home Premium  Service Pack 1

System drive C: has 50 GB (44%) free of 114 GB

Total RAM: 4078 MB (58% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:20:07, on 12.07.2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17840)

Boot mode: Normal
 

Running processes:

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe

F:\RSIT.exe

C:\Program Files (x86)\trend micro\Nutzer.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll

O2 - BHO: chipBHO - {7553EA3C-F8DA-4188-B7BC-956894EA54F5} - C:\Program Files (x86)\chip\Internet Explorer\chip32.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll

O3 - Toolbar: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o

O4 - HKCU\..\Run: [Bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
 

--

End of file - 8872 bytes
 

======Scheduled tasks folder======
 

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
 

=========Mozilla firefox=========
 

ProfilePath - C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\ky6m0sno.default
 

prefs.js - "browser.search.suggest.enabled" -  false

prefs.js - "browser.search.useDBForOrder" -  "false"

prefs.js - "browser.startup.homepage" -  "about:home"
 

"bdwteff@bitdefender.com"=C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff\
 
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 17.0.0.191 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.40.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
 
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}]

Bitdefender-Geldbörse - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-26 394800]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}]

CHIP Best Deal BHO - C:\Program Files (x86)\chip\Internet Explorer\chip32.dll [2014-11-18 187512]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03 460712]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]

CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-20 60576]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01 1724032]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03 172968]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Bitdefender-Geldbörse - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-26 394800]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-12-09 1025616]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-13 343168]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"=grpconv -o []
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender-Geldbörse-Agent"=C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [2015-02-26 790880]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv
 

======File associations======
 

.inf - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1

.ini - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - "C:\Windows\System32\WScript.exe" "%1" %*

.txt - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
 

======List of files/folders created in the last 1 month======
 

2015-07-12 20:19:49 ----D---- C:\rsit

2015-07-12 20:19:49 ----D---- C:\Program Files (x86)\trend micro

2015-07-12 19:58:31 ----D---- C:\EEK

2015-07-12 19:45:52 ----D---- C:\ProgramData\Malwarebytes

2015-07-12 19:45:52 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-12 19:39:32 ----D---- C:\AdwCleaner

2015-07-12 12:42:40 ----D---- C:\FRST

2015-07-12 09:40:09 ----D---- C:\Program Files (x86)\Mozilla Firefox

2015-07-12 09:32:26 ----SHD---- C:\Config.Msi

2015-07-01 11:19:43 ----N---- C:\Windows\SysWOW64\wintrust.dll

2015-07-01 11:19:43 ----N---- C:\Windows\SysWOW64\crypt32.dll
 

======List of files/folders modified in the last 1 month======
 

2015-07-12 20:20:05 ----D---- C:\Windows\Prefetch

2015-07-12 20:19:49 ----RD---- C:\Program Files (x86)

2015-07-12 20:01:57 ----D---- C:\Windows\System32

2015-07-12 20:01:57 ----D---- C:\Windows\inf

2015-07-12 20:01:41 ----D---- C:\Users\Nutzer\AppData\Roaming\Skype

2015-07-12 19:59:12 ----D---- C:\Windows\Temp

2015-07-12 19:55:35 ----D---- C:\ProgramData\boost_interprocess

2015-07-12 19:54:58 ----D---- C:\Windows\IME

2015-07-12 19:53:36 ----A---- C:\bdlog.txt

2015-07-12 19:53:26 ----HD---- C:\ProgramData

2015-07-12 12:55:58 ----D---- C:\Windows

2015-07-12 12:34:32 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2015-07-12 11:05:46 ----SHD---- C:\System Volume Information

2015-07-12 09:32:30 ----SHD---- C:\Windows\Installer

2015-07-12 09:32:27 ----RD---- C:\Program Files (x86)\Skype

2015-07-12 09:32:24 ----D---- C:\ProgramData\Skype

2015-07-12 08:45:05 ----D---- C:\Windows\SysWOW64

2015-07-12 08:45:01 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-07-12 00:45:43 ----D---- C:\Windows\winsxs

2015-07-12 00:27:11 ----D---- C:\Program Files (x86)\Java

2015-07-12 00:27:11 ----D---- C:\Program Files (x86)\Common Files\Skype

2015-07-12 00:27:11 ----D---- C:\Program Files (x86)\Common Files

2015-07-12 00:27:10 ----D---- C:\totalcmd

2015-07-12 00:27:08 ----SD---- C:\Users\Nutzer\AppData\Roaming\Microsoft

2015-07-12 00:27:08 ----D---- C:\Windows\rescache

2015-07-12 00:27:08 ----D---- C:\Windows\pss

2015-07-12 00:27:08 ----D---- C:\Windows\AppPatch

2015-07-12 00:27:08 ----D---- C:\Users\Nutzer\AppData\Roaming\vlc

2015-07-12 00:27:08 ----D---- C:\Users\Nutzer\AppData\Roaming\GHISLER

2015-07-12 00:27:08 ----D---- C:\Users\Nutzer\AppData\Roaming\Cliqz

2015-07-12 00:27:07 ----D---- C:\Windows\Tasks

2015-07-12 00:27:07 ----D---- C:\Windows\SysWOW64\Macromed

2015-07-12 00:27:07 ----D---- C:\Windows\SysWOW64\de-DE

2015-07-12 00:27:06 ----D---- C:\Windows\registration

2015-07-11 23:55:10 ----D---- C:\ProgramData\Oracle

2015-07-01 09:23:19 ----D---- C:\Windows\Logs
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 avc3;avc3; C:\Windows\system32\DRIVERS\avc3.sys []

R0 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys []

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []

R0 Si3114r5;SiI-3114 SoftRaid 5 Controller; C:\Windows\system32\DRIVERS\Si3114r5.sys []

R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys []

R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys []

R0 trufos;trufos; C:\Windows\system32\DRIVERS\trufos.sys []

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2015-02-26 93600]

R1 bdfwfpf;bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-29 107080]

R1 BDVEDISK;BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys []

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []

R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys []

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []

R3 avchv;avchv Function Driver; C:\Windows\system32\DRIVERS\avchv.sys []

R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []

R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys []

R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys []

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys []

S3 avckf;avckf; C:\Windows\system32\DRIVERS\avckf.sys []

S3 bdfwfpf_pc;bdfwfpf_pc; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 121928]

S3 BDSandBox;BDSandBox; \??\C:\Windows\system32\drivers\bdsandbox.sys []

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []

S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []

S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys []
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []

R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]

R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]

R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]

R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-09 311376]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]

R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-12-11 292568]

R2 UPDATESRV;Bitdefender Desktop Update Service; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-10-27 67320]

R2 vsserv;Bitdefender Virus Shield; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [2015-04-07 1547936]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-10 57344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25 107912]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]

S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-12 268464]

S3 BdDesktopParental;Bitdefender Desktop Parental Control; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2015-01-21 78144]

S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25 107912]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-12 148136]

S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

S4 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

S4 SafeBox;SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2013-07-08 94624]
 

-----------------EOF-----------------

[CODE]info.txtRSIT Logfile:

Code:

logfile of random's system information tool 1.10 2015-07-12 20:20:08
 

======MBR======
 

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A10BB953500008001010007FEFFFF3F0000008237F90D00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA
 

======Uninstall list======
 

7-Zip 9.20-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"

Acer Crystal Eye Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

Acer Crystal Eye Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

Acer ePower Management-->"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0007 -removeonly

Adobe Flash Player 17 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_191_Plugin.exe -maintain plugin

Adobe Flash Player 18 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_203_ActiveX.exe -maintain activex

Adobe Reader XI (11.0.11) - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AB0000000001}

Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}

Adobe Shockwave Player 12.1-->MsiExec.exe /X{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0007 -removeonly

Catalyst Control Center - Branding-->MsiExec.exe /I{57CA189D-BAEB-49BC-AE75-CE70E9B775E1}

CHIP Best Deal-->MsiExec.exe /X{7553EA3C-F8DA-4188-B7BC-956894EA54F5}

Cliqz-->"C:\Users\Nutzer\AppData\Roaming\Cliqz\unins000.exe"

diclovit's mod pack 9.8.2-->"C:\Users\World_of_Tanks\unins001.exe"

Google Earth-->MsiExec.exe /I{817750FA-EC6A-485D-9901-0683AE6FFDF1}

Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Java 8 Update 40-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218040F0}

Launch Manager-->C:\Windows\UNINSTLMv4.EXE LMv4.UNI

League of Legends-->msiexec.exe /x {517CC397-B22F-4593-8DCB-DE72CC541E9A}

League of Legends-->MsiExec.exe /X{517CC397-B22F-4593-8DCB-DE72CC541E9A}

LibreOffice 4.3.0.4-->MsiExec.exe /I{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}

Malwarebytes Anti-Malware Version 2.1.6.1022-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830-->"C:\ProgramData\Package Cache\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}\vcredist_x64.exe"  /uninstall

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830-->"C:\ProgramData\Package Cache\{9dba0447-b749-41ea-90bc-2aa19a9eb580}\vcredist_x86.exe"  /uninstall

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830-->MsiExec.exe /X{F68B404C-0E04-337F-A132-796508EE337A}

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830-->MsiExec.exe /X{50AF8559-F490-381F-A6E7-06A07DE227DC}

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005-->"C:\ProgramData\Package Cache\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}\vcredist_x64.exe"  /uninstall

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe"  /uninstall

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}

Mozilla Firefox 39.0 (x86 de)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MyDriveConnect 4.0.3.2180-->C:\Program Files (x86)\MyDrive Connect\Uninstall TomTom MyDrive Connect.exe

Qualcomm Atheros Fast Reconnect-->"C:\Program Files (x86)\InstallShield Installation Information\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}\setup.exe" -runfromtemp -l0x0407  -removeonly

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly

Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0407  -removeonly

Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}

Skype Click to Call-->MsiExec.exe /X{6D1221A9-17BF-4EC0-81F2-27D30EC30701}

Skype™ 7.6-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}

Visual Studio C++ 10.0 Runtime-->MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790}

VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
 

======System event log======
 

Computer Name: Nutzer-PC

Event Code: 57

Message: Die Daten konnten nicht in das Transaktionsprotokoll verschoben werden. Die Daten sind möglicherweise beschädigt.

Record Number: 182982

Source Name: Ntfs

Time Written: 20150608171536.179763-000

Event Type: Warnung

User: 
 

Computer Name: Nutzer-PC

Event Code: 57

Message: Die Daten konnten nicht in das Transaktionsprotokoll verschoben werden. Die Daten sind möglicherweise beschädigt.

Record Number: 182981

Source Name: Ntfs

Time Written: 20150608171522.695992-000

Event Type: Warnung

User: 
 

Computer Name: Nutzer-PC

Event Code: 57

Message: Die Daten konnten nicht in das Transaktionsprotokoll verschoben werden. Die Daten sind möglicherweise beschädigt.

Record Number: 182980

Source Name: Ntfs

Time Written: 20150608171510.751309-000

Event Type: Warnung

User: 
 

Computer Name: Nutzer-PC

Event Code: 57

Message: Die Daten konnten nicht in das Transaktionsprotokoll verschoben werden. Die Daten sind möglicherweise beschädigt.

Record Number: 182979

Source Name: Ntfs

Time Written: 20150608171458.474607-000

Event Type: Warnung

User: 
 

Computer Name: Nutzer-PC

Event Code: 57

Message: Die Daten konnten nicht in das Transaktionsprotokoll verschoben werden. Die Daten sind möglicherweise beschädigt.

Record Number: 182978

Source Name: Ntfs

Time Written: 20150608171446.884944-000

Event Type: Warnung

User: 
 

=====Application event log=====
 

Computer Name: 37L4247F27-25

Event Code: 5617

Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.

Record Number: 5

Source Name: Microsoft-Windows-WMI

Time Written: 20140827161521.000000-000

Event Type: Informationen

User: 
 

Computer Name: 37L4247F27-25

Event Code: 5615

Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.

Record Number: 4

Source Name: Microsoft-Windows-WMI

Time Written: 20140827161521.000000-000

Event Type: Informationen

User: 
 

Computer Name: 37L4247F27-25

Event Code: 1531

Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  
 
 

Record Number: 3

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20140827161521.314015-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: 37L4247F27-25

Event Code: 4625

Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.

Record Number: 2

Source Name: Microsoft-Windows-EventSystem

Time Written: 20140827161521.000000-000

Event Type: Informationen

User: 
 

Computer Name: 37L4247F27-25

Event Code: 1532

Message: Das Benutzerprofil wurde angehalten  
 
 

Record Number: 1

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20101121035831.124372-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

=====Security event log=====
 

Computer Name: Nutzer-PC

Event Code: 5058

Message: Schlüsseldateivorgang.

Antragsteller:

    Sicherheits-ID:        S-1-5-19

    Kontoname:        LOKALER DIENST

    Kontodomäne:        NT-AUTORITÄT

    Anmelde-ID:        0x3e5
 

Kryptografische Parameter:

    Anbietername:        Microsoft Software Key Storage Provider

    Algorithmusname:    Nicht verfügbar.
 

Schlüsselname:    8ff988b3-4f55-4535-9cd9-696a3e718609

    Schlüsseltyp:    Computerschlüssel.
 

Informationen zum Schlüsseldateivorgang:

    Dateipfad:    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6934f58b89307653b277c382cb919e58_bca801f3-61bb-4219-bf59-f072209b2c48

    Vorgang:    Persistenten Schlüssel aus Datei lesen.

    Rückgabecode:    0x0

Record Number: 6871

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20141215121522.739499-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Nutzer-PC

Event Code: 5061

Message: Kryptografievorgang.
 

Antragsteller:

    Sicherheits-ID:    S-1-5-19

    Kontoname:    LOKALER DIENST

    Kontodomäne:    NT-AUTORITÄT

    Anmelde-ID:    0x3e5
 

Kryptografische Parameter:

    Anbietername:    Microsoft Software Key Storage Provider

    Algorithmusname:    RSA

    Schlüsselname:    8ff988b3-4f55-4535-9cd9-696a3e718609

    Schlüsseltyp:    Computerschlüssel.
 

Kryptografischer Vorgang:

    Vorgang:    Schlüssel öffnen.

    Rückgabecode:    0x0

Record Number: 6870

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20141215120927.728585-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Nutzer-PC

Event Code: 5058

Message: Schlüsseldateivorgang.

Antragsteller:

    Sicherheits-ID:        S-1-5-19

    Kontoname:        LOKALER DIENST

    Kontodomäne:        NT-AUTORITÄT

    Anmelde-ID:        0x3e5
 

Kryptografische Parameter:

    Anbietername:        Microsoft Software Key Storage Provider

    Algorithmusname:    Nicht verfügbar.
 

Schlüsselname:    8ff988b3-4f55-4535-9cd9-696a3e718609

    Schlüsseltyp:    Computerschlüssel.
 

Informationen zum Schlüsseldateivorgang:

    Dateipfad:    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6934f58b89307653b277c382cb919e58_bca801f3-61bb-4219-bf59-f072209b2c48

    Vorgang:    Persistenten Schlüssel aus Datei lesen.

    Rückgabecode:    0x0

Record Number: 6869

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20141215120927.728585-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Nutzer-PC

Event Code: 5061

Message: Kryptografievorgang.
 

Antragsteller:

    Sicherheits-ID:    S-1-5-19

    Kontoname:    LOKALER DIENST

    Kontodomäne:    NT-AUTORITÄT

    Anmelde-ID:    0x3e5
 

Kryptografische Parameter:

    Anbietername:    Microsoft Software Key Storage Provider

    Algorithmusname:    RSA

    Schlüsselname:    8ff988b3-4f55-4535-9cd9-696a3e718609

    Schlüsseltyp:    Computerschlüssel.
 

Kryptografischer Vorgang:

    Vorgang:    Schlüssel öffnen.

    Rückgabecode:    0x0

Record Number: 6868

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20141215120826.749097-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Nutzer-PC

Event Code: 5058

Message: Schlüsseldateivorgang.

Antragsteller:

    Sicherheits-ID:        S-1-5-19

    Kontoname:        LOKALER DIENST

    Kontodomäne:        NT-AUTORITÄT

    Anmelde-ID:        0x3e5
 

Kryptografische Parameter:

    Anbietername:        Microsoft Software Key Storage Provider

    Algorithmusname:    Nicht verfügbar.
 

Schlüsselname:    8ff988b3-4f55-4535-9cd9-696a3e718609

    Schlüsseltyp:    Computerschlüssel.
 

Informationen zum Schlüsseldateivorgang:

    Dateipfad:    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6934f58b89307653b277c382cb919e58_bca801f3-61bb-4219-bf59-f072209b2c48

    Vorgang:    Persistenten Schlüssel aus Datei lesen.

    Rückgabecode:    0x0

Record Number: 6867

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20141215120826.749097-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
 

-----------------EOF-----------------

--- --- ---

Code:

# AdwCleaner v4.208 - Bericht erstellt 12/07/2015 um 19:39:34

# Aktualisiert 09/07/2015 von Xplode

# Datenbank : 2015-07-11.1 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : Nutzer - NUTZER-PC

# Gestarted von : F:\AdwCleaner_4.208.exe

# Option : Suchlauf
 

***** [ Dienste ] *****
 

Dienst Gefunden : BdSandBox
 

***** [ Dateien / Ordner ] *****
 

Ordner Gefunden : C:\Program Files (x86)\DriverWhiz

Ordner Gefunden : C:\ProgramData\SafeWeb

Ordner Gefunden : C:\Users\Nutzer\AppData\Local\SafeWeb

Ordner Gefunden : C:\Users\Nutzer\AppData\Roaming\DesktopIconForAmazon
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DynConIE

Schlüssel Gefunden : HKCU\Software\Ciuvo

Schlüssel Gefunden : HKCU\Software\DriverWhiz

Schlüssel Gefunden : HKCU\Software\eSupport.com

Schlüssel Gefunden : HKCU\Software\OCS

Schlüssel Gefunden : HKCU\Software\Softonic

Schlüssel Gefunden : [x64] HKCU\Software\Ciuvo

Schlüssel Gefunden : [x64] HKCU\Software\DriverWhiz

Schlüssel Gefunden : [x64] HKCU\Software\eSupport.com

Schlüssel Gefunden : [x64] HKCU\Software\OCS

Schlüssel Gefunden : [x64] HKCU\Software\Softonic

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17840
 
 

-\\ Mozilla Firefox v39.0 (x86 de)
 

[ky6m0sno.default] - Zeile Gefunden : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

[ky6m0sno.default] - Zeile Gefunden : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1385922197840");

[ky6m0sno.default] - Zeile Gefunden : user_pref("extensions.toolbar.mindspark._gcMembers_.weather.location", "10001");

[ky6m0sno.default] - Zeile Gefunden : user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");
 

*************************
 

AdwCleaner[R0].txt - [2636 Bytes] - [12/07/2015 19:39:34]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2695 Bytes] ##########

Code:

# AdwCleaner v4.208 - Bericht erstellt 12/07/2015 um 19:42:22

# Aktualisiert 09/07/2015 von Xplode

# Datenbank : 2015-07-11.1 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : Nutzer - NUTZER-PC

# Gestarted von : F:\AdwCleaner_4.208.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[x] Nicht Gelöscht : BdSandBox
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\SafeWeb

Ordner Gelöscht : C:\Program Files (x86)\DriverWhiz

Ordner Gelöscht : C:\Users\Nutzer\AppData\Local\SafeWeb

Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\DesktopIconForAmazon
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

Schlüssel Gelöscht : HKCU\Software\Ciuvo

Schlüssel Gelöscht : HKCU\Software\eSupport.com

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\DriverWhiz

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17840
 
 

-\\ Mozilla Firefox v39.0 (x86 de)
 

[ky6m0sno.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

[ky6m0sno.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._gcMembers_.lastActivePing", "1385922197840");

[ky6m0sno.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._gcMembers_.weather.location", "10001");

[ky6m0sno.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");
 

*************************
 

AdwCleaner[R0].txt - [2810 Bytes] - [12/07/2015 19:39:34]

AdwCleaner[S0].txt - [2500 Bytes] - [12/07/2015 19:42:22]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2559  Bytes] ##########

Code:

OTL logfile created on: 12.07.2015 20:34:00 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = F:\

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17843)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,98 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 56,02% Memory free

7,96 Gb Paging File | 5,52 Gb Available in Paging File | 69,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111,79 Gb Total Space | 48,70 Gb Free Space | 43,57% Space Free | Partition Type: NTFS

Drive F: | 29,42 Gb Total Space | 28,88 Gb Free Space | 98,17% Space Free | Partition Type: FAT32

 

Computer Name: NUTZER-PC | User Name: Nutzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - F:\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom)

PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (Atheros)

PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\MyDrive Connect\quazip.dll ()

MOD - C:\Programme\Bitdefender\Bitdefender 2015\antispam32\bdwteff\components\bdwtxff.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll ()

MOD - C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll ()

MOD - C:\Programme\Bitdefender\Bitdefender 2015\antispam32\bdwteff\components\txmlutil.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (vsserv) -- C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (Bitdefender)

SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Bitdefender)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (BdDesktopParental) -- C:\Programme\Bitdefender\Bitdefender 2015\bdparentalservice.exe (Bitdefender)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SafeBox) -- C:\Programme\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)

SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (Atheros)

SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)

SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)

DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)

DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)

DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)

DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)

DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)

DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)

DRV:64bit: - (Si3114r5) -- C:\Windows\SysNative\drivers\Si3114r5.sys (Silicon Image, Inc)

DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)

DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)

DRV - (bdfwfpf_pc) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys (Bitdefender SRL)

DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 95 E9 4B 13 C2 CF 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.countryCode: "AT"

FF - prefs.js..browser.search.isUS: false

FF - prefs.js..browser.search.region: "AT"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: "false"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: bdwteff%40bitdefender.com:2.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2015\BDTBEXT [2014.11.19 21:33:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bdwteff@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff\ [2014.11.19 21:33:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014.11.19 21:33:01 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\cliqz@cliqz.com: C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\ky6m0sno.default\extensions\cliqz@cliqz.com

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2014.09.26 13:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Extensions

[2015.07.11 23:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\ky6m0sno.default\extensions

[2015.07.05 18:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\oeu3cs8z.default-1436113027082\extensions

[2015.07.12 09:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2015.07.12 09:40:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2014.11.19 21:33:44 | 000,000,000 | ---D | M] (Bitdefender Wallet) -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2015\ANTISPAM32\BDWTEFF

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Bitdefender-Geldbörse) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Programme\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)

O2:64bit: - BHO: (CHIP Best Deal BHO) - {7553EA3C-F8DA-4188-B7BC-956894EA54F5} - C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Bitdefender-Geldbörse) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Programme\Bitdefender\Bitdefender 2015\antispam32\pmbxie.dll (Bitdefender)

O2 - BHO: (CHIP Best Deal BHO) - {7553EA3C-F8DA-4188-B7BC-956894EA54F5} - C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Bitdefender-Geldbörse) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Programme\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)

O3 - HKLM\..\Toolbar: (Bitdefender-Geldbörse) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Programme\Bitdefender\Bitdefender 2015\antispam32\pmbxie.dll (Bitdefender)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender)

O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Bitdefender-Geldbörse-Agent] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Bitdefender)

O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBC745D5-0E05-43D3-A3F3-83B7C6A38385}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2015.07.12 20:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro

[2015.07.12 20:19:49 | 000,000,000 | ---D | C] -- C:\rsit

[2015.07.12 19:58:32 | 000,135,800 | ---- | C] (Emsisoft GmbH) -- C:\Windows\SysNative\drivers\epp64.sys

[2015.07.12 19:58:31 | 000,000,000 | ---D | C] -- C:\EEK

[2015.07.12 19:46:15 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015.07.12 19:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2015.07.12 19:45:52 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2015.07.12 19:45:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2015.07.12 19:45:52 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2015.07.12 19:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2015.07.12 19:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2015.07.12 19:39:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2015.07.12 12:42:40 | 000,000,000 | ---D | C] -- C:\FRST

[2015.07.12 09:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2015.07.12 09:32:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2015.07.11 21:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2015.07.05 18:17:12 | 000,000,000 | ---D | C] -- C:\Users\Nutzer\Alte Firefox-Daten

[2015.07.01 11:19:43 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2015.07.01 11:19:43 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2015.06.12 21:24:48 | 014,635,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2015.06.12 21:24:48 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2015.06.12 21:24:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll

[2015.06.12 21:24:47 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2015.06.12 21:24:47 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2015.06.12 21:24:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll

[2015.06.12 21:24:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx

[2015.06.12 21:24:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll

[2015.06.12 21:24:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx

[2015.06.12 21:24:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll

[2015.06.12 21:24:42 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2015.06.12 21:24:37 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2015.06.12 21:24:37 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2015.06.12 21:24:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2015.06.12 21:24:37 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2015.06.12 21:24:37 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll

[2015.06.12 21:24:37 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2015.06.12 21:24:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2015.06.12 21:24:37 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2015.06.12 21:24:37 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2015.06.12 21:24:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2015.06.12 21:24:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2015.06.12 21:24:35 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2015.06.12 21:24:35 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2015.06.12 21:24:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2015.06.12 21:24:35 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2015.06.12 21:24:35 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2015.06.12 21:24:35 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2015.06.12 21:24:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2015.06.12 21:24:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2015.06.12 21:24:34 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2015.06.12 21:24:34 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2015.06.12 21:24:33 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2015.06.12 21:24:33 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2015.06.12 21:24:33 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2015.06.12 21:24:32 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2015.06.12 21:24:32 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2015.06.12 21:24:32 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2015.06.12 21:24:32 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2015.06.12 21:24:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2015.06.12 21:24:31 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2015.06.12 21:24:31 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2015.06.12 21:24:30 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2015.06.12 21:24:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2015.06.12 21:24:30 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2015.06.12 21:24:30 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2015.06.12 21:24:29 | 006,026,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2015.06.12 21:24:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2015.06.12 21:24:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2015.06.12 21:24:28 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2015.07.12 20:28:05 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2015.07.12 20:28:05 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2015.07.12 20:01:57 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2015.07.12 20:01:57 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2015.07.12 20:01:57 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2015.07.12 20:01:57 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2015.07.12 20:01:57 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2015.07.12 19:55:36 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015.07.12 19:55:34 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2015.07.12 19:55:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015.07.12 19:55:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015.07.12 19:45:55 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015.07.12 19:37:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015.07.12 18:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2015.07.12 08:45:01 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2015.07.12 08:45:01 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2015.07.11 22:56:17 | 000,007,608 | ---- | M] () -- C:\Users\Nutzer\AppData\Local\Resmon.ResmonCfg

[2015.06.25 20:36:24 | 000,000,686 | -H-- | M] () -- C:\bdr-cf01

[2015.06.25 20:04:02 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2015.06.25 04:10:07 | 000,033,193 | ---- | M] () -- C:\Users\Nutzer\AppData\Roaming\UserTile.png

[2015.06.18 00:27:18 | 000,135,800 | ---- | M] (Emsisoft GmbH) -- C:\Windows\SysNative\drivers\epp64.sys

[2015.06.17 10:29:31 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

[2015.06.12 21:47:42 | 000,323,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2015.07.12 19:45:55 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015.06.25 04:10:07 | 000,033,193 | ---- | C] () -- C:\Users\Nutzer\AppData\Roaming\UserTile.png

[2015.06.17 10:29:31 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

[2015.06.07 10:06:31 | 000,000,000 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\{DBD092DC-DA28-4023-9BC1-8AAF822FAFE1}

[2015.04.07 19:42:50 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2015.01.09 12:46:11 | 001,068,751 | ---- | C] () -- C:\ProgramData\1420798835.bdinstall.bin

[2015.01.09 11:56:56 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll

[2014.12.10 20:45:30 | 000,007,608 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\Resmon.ResmonCfg

[2014.09.26 13:53:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2014.09.26 13:53:03 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2014.09.26 13:52:49 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2014.08.27 18:33:06 | 001,199,175 | ---- | C] () -- C:\Windows\unins001.exe

[2014.08.27 18:33:06 | 000,021,731 | ---- | C] () -- C:\Windows\unins001.dat

[2014.08.27 18:33:04 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll

[2014.08.27 18:33:04 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\libpng15.dll

[2014.08.27 18:33:04 | 000,107,520 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

[2014.08.27 18:33:03 | 001,198,049 | ---- | C] () -- C:\Windows\unins000.exe

[2014.08.27 18:33:03 | 000,010,822 | ---- | C] () -- C:\Windows\unins000.dat

[2014.08.27 18:31:13 | 001,592,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

Code:

OTL Extras logfile created on: 12.07.2015 20:34:00 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = F:\

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17843)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,98 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 56,02% Memory free

7,96 Gb Paging File | 5,52 Gb Available in Paging File | 69,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111,79 Gb Total Space | 48,70 Gb Free Space | 43,57% Space Free | Partition Type: NTFS

Drive F: | 29,42 Gb Total Space | 28,88 Gb Free Space | 98,17% Space Free | Partition Type: FAT32

 

Computer Name: NUTZER-PC | User Name: Nutzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B7CA393-7E09-41D0-A66B-A75791D6C7E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{0E570E1A-0136-4DEB-AF15-8BFE5FE2EB5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2051C946-8AED-45AC-83CD-202D5F819073}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{36F39B58-43EC-4D41-950A-E65C6C0FA804}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{3E929816-876F-42CE-884B-C1BA014C1F11}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{43E57E78-2D8C-41DB-B573-FEFD67B9B2B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{4ADBA302-7586-4EA2-A013-010BE0062765}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4F85EB53-B245-4D75-A40B-7C39619ED336}" = rport=139 | protocol=6 | dir=out | app=system | 

"{5295C0AE-EF46-4F56-88CF-A00E8E74FB12}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{5B3454F4-E7B9-46A7-80CE-1CA7ECD8D6D3}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{6388BA6E-2762-4707-882F-585F7845C663}" = lport=139 | protocol=6 | dir=in | app=system | 

"{6619F4BF-59ED-4862-98E6-FDD5B42DAFEE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{683540C2-4FAA-45CE-A5E0-17B1D41B3660}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{69A133FE-B37C-4C45-B82B-928265098973}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{6C3887EA-A59B-4EDA-BE12-0EFF70B76C9E}" = rport=445 | protocol=6 | dir=out | app=system | 

"{828F2563-B276-4CA6-A2C6-7171497B0700}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8BF65296-49A4-4E5B-B7AB-F17D72437D80}" = lport=137 | protocol=17 | dir=in | app=system | 

"{8C9B3242-F1F3-42CE-B922-FC011D5E8EC0}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{94845F9A-AC4F-4516-B630-268876698CAC}" = rport=137 | protocol=17 | dir=out | app=system | 

"{9AA3543B-5BA5-4A02-BFF1-3518FEAE7B53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{A1132385-0DBE-4159-A82C-513A2C2BF115}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A19D2718-9A14-445B-9253-D8602DD4B2BF}" = lport=138 | protocol=17 | dir=in | app=system | 

"{AAB24061-5523-4E06-B398-2B51FA083E88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B80C99EE-FA73-49D9-8330-1B15F925CB69}" = rport=138 | protocol=17 | dir=out | app=system | 

"{BFCE31D3-2B96-4C73-A7EF-1EB46C596C3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D1E1319F-CEDD-4C5B-8B30-B0FC6C79247E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{D1EB5367-6678-428C-AFA1-E9083267FD9D}" = lport=445 | protocol=6 | dir=in | app=system | 

"{D6BCE6ED-FD46-4E83-B5BF-756AB13EFAB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D8AD26F0-B619-4530-8B4E-1C8E46AAFFC6}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{E54B8540-1D26-4CA8-8E83-69A2A5A1887F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F81DBD12-DFF5-44F6-9244-6515E94E399E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{187C4503-1C41-4CAF-A6BB-CD76F33BDAC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{1AD4FD5A-E8C0-4197-8A4A-6F8E93E1E88C}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 

"{1B67F1D1-57A3-463E-AEF2-9D11F38E0D45}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{1BABF890-6E21-4828-AF23-192423D869E4}" = protocol=6 | dir=out | app=system | 

"{2696346F-31CB-4B8C-A332-E8BE6A8425D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{28B78B71-1845-44CB-8633-5837D7500616}" = dir=in | app=c:\program files (x86)\winzip driver updater\winzipdu.exe | 

"{290FC692-9957-4B65-A337-C165B9EC4081}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2E37FE9A-CF33-48F0-BF38-1EC1E23632AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{33E53EFA-17A0-4318-AA38-DAC9946AAD80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{35BF0F7C-DEA3-4DD7-BCCF-FD5399F2D508}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{376F652E-7147-4455-9496-03AF1404DE9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{3ADBF24F-58CE-43D8-83FB-6C4E34E701E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{4194777B-2A2C-45EC-ADEE-A6B7A094C7C0}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 

"{4E08C688-38AA-40A9-BD7E-09C8876B9902}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{54A5865F-4427-405D-A457-3D90F56FF7F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{58AC4358-7045-4C28-B557-52B512050861}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{5A5B76EF-8004-47DC-BD0F-E59BE4F2690C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{66A8B178-816C-4B99-A39E-678B4B6DD849}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{75E05C41-4D8A-48E9-83B2-D7D5F1A4DA31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{7AFA4A78-83E0-467B-A7B6-4AB7634F88F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{7E0C60F5-0D93-41C9-8E52-110D8DF3CBC9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{85259374-7EAA-4D29-B0EF-10B3A8AF040F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{8A384148-F999-4122-8B4C-B8E1BE79C29A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{8A5BE3AC-6572-4D6B-8930-E74B8662E233}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{8B22B4B1-E082-48E8-AC33-CD99C08820BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{AA773BF0-DC58-494E-B684-BD3FAA9741CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"TCP Query User{101FECA0-3731-4EEA-A5E1-5322F0D591D2}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | 

"TCP Query User{33576555-FD65-4141-85F1-2DD7FF94ABC6}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | 

"TCP Query User{4F4A3243-DB7A-4BFC-BC87-B7F3820743AF}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | 

"TCP Query User{8465CD92-DC03-46FA-8DB7-E1A9DD3A2EF2}D:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\world_of_tanks\worldoftanks.exe | 

"TCP Query User{D3CAE98F-188C-4A28-A976-FB486C5BD700}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | 

"TCP Query User{E7926FE9-FCB6-4B2D-B48B-493CCF4CD242}D:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\world_of_tanks\wotlauncher.exe | 

"UDP Query User{21471EAC-A0BA-4B55-9394-8D400D059F14}D:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\world_of_tanks\wotlauncher.exe | 

"UDP Query User{346FEF23-86DB-47F4-ABC9-759D07F5E781}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | 

"UDP Query User{49C61C36-95CE-4B75-8D31-1A1D9BB80913}D:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\world_of_tanks\worldoftanks.exe | 

"UDP Query User{57F98BF8-4567-470A-9EBF-34F18D37963D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | 

"UDP Query User{73DADFDC-CD13-4B12-9E23-2A8D75AEAA50}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | 

"UDP Query User{D859FF0F-369A-4362-AE52-C12AFBAE05F5}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{083808D6-6235-37A8-82C1-98D226EB681F}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830

"{122B909F-9DCF-360E-91E7-0679E033FBE1}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}" = Microsoft .NET Framework 4.5.2 (DEU)

"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2

"{26A24AE4-039D-4CA4-87B4-2F86418040F0}" = Java 8 Update 40 (64-bit)

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch)

"{9A853BA3-28A2-99D5-B125-75891A08D26A}" = ccc-utility64

"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0

"{EA4954FD-C685-1C7D-16F3-9BC2FD5E6BD3}" = AMD Catalyst Install Manager

"Bitdefender" = Bitdefender Total Security 2015

"jdownloader2" = JDownloader 2

"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{0A81E705-4FF9-DC83-302D-50F3B847F77B}" = CCC Help Polish

"{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}" = Qualcomm Atheros Fast Reconnect

"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005

"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.6

"{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40

"{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1" = diclovit's mod pack 9.8.2

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{314F6B36-C0B5-E70A-A8DC-E1A126552409}" = CCC Help Korean

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{42B25C20-2D3F-BEE2-3627-B13CC30BDB38}" = CCC Help Hungarian

"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime

"{479F7070-9F87-4A05-E1C3-E9B8781F75B3}" = CCC Help Czech

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A2AFE1D-59B9-0300-0052-21BA66BB2FF5}" = CCC Help Dutch

"{4C90AC57-A494-7E1A-57A6-6B53167BDC3C}" = CCC Help Chinese Standard

"{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

"{50AF8559-F490-381F-A6E7-06A07DE227DC}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830

"{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{546DB8EB-CA28-144F-AB99-1EE2D6A47342}" = CCC Help Japanese

"{57CA189D-BAEB-49BC-AE75-CE70E9B775E1}" = Catalyst Control Center - Branding

"{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1" = Cliqz

"{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}" = LibreOffice 4.3.0.4

"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper

"{63A137AC-FD79-7A5E-3CD5-5605F74AB9E0}" = CCC Help Swedish

"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call

"{6F9B77F8-DF26-DB18-98B6-171225AA0CDD}" = CCC Help Thai

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74257E77-412D-ACF4-C279-82936D687083}" = CCC Help Russian

"{7553EA3C-F8DA-4188-B7BC-956894EA54F5}" = CHIP Best Deal

"{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}" = Adobe Shockwave Player 12.1

"{768C6D38-F6B8-F35C-1D4E-CE764B85B178}" = CCC Help Italian

"{817750FA-EC6A-485D-9901-0683AE6FFDF1}" = Google Earth

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87DDB284-DB4B-FC20-B78E-A66B008132BD}" = Catalyst Control Center Profiles Mobile

"{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9838502B-CB01-F07C-355E-6A99B472AF6F}" = CCC Help Spanish

"{9958978D-994A-06A7-F34F-1E8276A78754}" = CCC Help Chinese Traditional

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523

"{9dba0447-b749-41ea-90bc-2aa19a9eb580}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9AF76B6-CC38-F234-FE9B-670439204BDA}" = CCC Help Danish

"{AA36E9DD-AFB7-E41D-21B6-E042E72FBC50}" = CCC Help Finnish

"{AA6BB7D8-CD01-01CF-6380-98F856E505BD}" = CCC Help French

"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.11) - Deutsch

"{B4B6C5E2-7341-DEC2-75DD-DE3C5C885B50}" = CCC Help Norwegian

"{C68FF4E9-C858-14E1-27B2-BEB8C3982FBA}" = Catalyst Control Center InstallProxy

"{C7ECA0F4-805E-358E-09EA-DF586A547EB1}" = CCC Help German

"{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830

"{D4E0052F-D2F6-CC47-216E-0F98AA3D02FD}" = CCC Help English

"{E3201FB8-4969-30D4-EFC2-B153EAEA6487}" = Catalyst Control Center

"{EBE4F079-3395-110E-CC67-E1826AA32934}" = CCC Help Turkish

"{ED0D8922-7F6C-2B5C-A09A-3FE459E4DDB1}" = CCC Help Greek

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F68B404C-0E04-337F-A132-796508EE337A}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830

"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005

"{F8D6C194-6F77-F864-18E2-6EFF3BD6A18D}" = Catalyst Control Center Localization All

"{FCA8077C-65B4-0F40-5BCF-8CACC67899AF}" = CCC Help Portuguese

"{FE9A8A35-DBD4-9D26-84A2-CFF68BEFAAB6}" = PX Profile Update

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 18 ActiveX

"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"League of Legends 3.0.1" = League of Legends

"LManager" = Launch Manager

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.1.6.1022

"Mozilla Firefox 39.0 (x86 de)" = Mozilla Firefox 39.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MyDriveConnect" = MyDriveConnect 4.0.3.2180

"VLC media player" = VLC media player

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1" = World of Tanks

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 12.07.2015 02:39:02 | Computer Name = Nutzer-PC | Source = Application Hang | ID = 1002

Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 6f4    Startzeit: 01d0bc6c1b230902    Endzeit: 12886    Anwendungspfad:

 C:\Windows\Explorer.EXE    Berichts-ID: a3830060-2860-11e5-8fe1-1c7508fa646a  

 

Error - 12.07.2015 02:41:22 | Computer Name = Nutzer-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 12.07.2015 06:35:07 | Computer Name = Nutzer-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 12.07.2015 06:37:27 | Computer Name = Nutzer-PC | Source = Application Hang | ID = 1002

Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 7cc    Startzeit: 01d0bc8e6a4e79b7    Endzeit: 0    Anwendungspfad: C:\Windows\Explorer.EXE
 

Berichts-ID:

 f46b2b7f-2881-11e5-8fb0-1c7508fa646a  

 

Error - 12.07.2015 06:37:51 | Computer Name = Nutzer-PC | Source = ATIeRecord | ID = 16386

Description = ATI EEU Client has failed to start

 

Error - 12.07.2015 06:38:04 | Computer Name = Nutzer-PC | Source = Application Hang | ID = 1002

Description = Programm taskmgr.exe, Version 6.1.7601.17514 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: ac4    Startzeit: 01d0bc8ebbf865f8    Endzeit: 16    Anwendungspfad: 

C:\Windows\system32\taskmgr.exe    Berichts-ID: 07a50db9-2882-11e5-8fb0-1c7508fa646a
 

 

Error - 12.07.2015 06:42:01 | Computer Name = Nutzer-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 12.07.2015 06:42:26 | Computer Name = Nutzer-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "F:\esetsmartinstaller_deu

 (1).exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung

 erforderliche Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven

 Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error - 12.07.2015 13:44:28 | Computer Name = Nutzer-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 12.07.2015 13:55:35 | Computer Name = Nutzer-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 12.07.2015 13:55:47 | Computer Name = Nutzer-PC | Source = PNRPSvc | ID = 102

Description = 

 

Error - 12.07.2015 13:55:47 | Computer Name = Nutzer-PC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler

 beendet:   %%-2140993535

 

Error - 12.07.2015 13:55:47 | Computer Name = Nutzer-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%-2140993535

 

Error - 12.07.2015 13:55:56 | Computer Name = Nutzer-PC | Source = PNRPSvc | ID = 102

Description = 

 

Error - 12.07.2015 13:55:56 | Computer Name = Nutzer-PC | Source = PNRPSvc | ID = 102

Description = 

 

Error - 12.07.2015 13:55:56 | Computer Name = Nutzer-PC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler

 beendet:   %%-2140993535

 

Error - 12.07.2015 13:55:56 | Computer Name = Nutzer-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%-2140993535

 

Error - 12.07.2015 13:55:56 | Computer Name = Nutzer-PC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler

 beendet:   %%-2140993535

 

Error - 12.07.2015 13:55:56 | Computer Name = Nutzer-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%-2140993535

 

Error - 12.07.2015 13:56:32 | Computer Name = Nutzer-PC | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >