
Flash Player Update - 05/14/2015


  • This topic is locked
22 replies to this topic

#1 Rudinho


Posted 17 May 2015 - 06:19 AM

Hello Jürgen, I am new here and found you through a Google search.

I ran an Adobe Flash Player update on 14.05.2015 and am/was full of adware.

I followed your instructions and am currently at step 2, AdwCleaner.

Here is the content of my log file. I hope you can help me get my laptop clean again.

Thank you in advance.


# AdwCleaner v4.204 - Bericht erstellt 17/05/2015 um 13:02:59
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Rudinho - RUDINHO-PC
# Gestarted von : C:\Users\Rudinho\Desktop\adwcleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : IHProtect Service
[#] Dienst Gelöscht : WindowsMangerProtect
[#] Dienst Gelöscht : YahooAUService
[#] Dienst Gelöscht : innfd_1_10_0_14

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\RewardsArcade
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Users\Rudinho\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Rudinho\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Rudinho\AppData\Local\RewardsArcade
Ordner Gelöscht : C:\Users\Rudinho\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Rudinho\AppData\Local\BoBrowser
Ordner Gelöscht : C:\Users\Rudinho\AppData\LocalLow\Yahoo! Companion
Ordner Gelöscht : C:\Users\Rudinho\AppData\Roaming\ARecEngine
Ordner Gelöscht : C:\Users\Rudinho\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Rudinho\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Rudinho\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Rudinho\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Datei Gelöscht : C:\claraInstaller.txt
Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

***** [ Geplante Tasks ] *****

Task Gelöscht : BrowserDefendert

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\5355da8be16ae913
Schlüssel Gelöscht : HKLM\SOFTWARE\5355da8be16ae913
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\WajIEnhance
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\oursurfingSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\FFPluginHp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D62304BE-D5D3-4CCF-8973-123909491ADB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49366;hxxps=127.0.0.1:49366
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49366;hxxps=127.0.0.1:49366
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v38.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [11080 Bytes] - [17/05/2015 13:00:15]
AdwCleaner[S0].txt - [8646 Bytes] - [17/05/2015 13:02:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8705  Bytes] ##########

 





#2 Rudinho


Posted 17 May 2015 - 07:36 AM

Hello Jürgen,

Here is the log after step 4 with Malwarebytes.

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.05.2015
Suchlauf-Zeit: 13:31:09
Logdatei: Malwarebytes.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.17.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Rudinho

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 392686
Verstrichene Zeit: 1 Std, 0 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)



#3 Rudinho


Posted 17 May 2015 - 07:58 AM

Here are the last two reports:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Rudinho (administrator) on RUDINHO-PC on 17-05-2015 14:49:31
Running from C:\Users\Rudinho\Desktop
Loaded Profiles: Rudinho (Available profiles: Rudinho)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Quanta Computer, INC.) C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Dropbox, Inc.) C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Irfan Skiljan) C:\Program Files (x86)\IrfanView\i_view32.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avBugReport.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-04-23] (Samsung Electronics)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [Keyboard Manager Utility] => C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe [1438720 2009-11-16] (Quanta Computer, INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Run: [LPT System Updater] => C:\Users\Rudinho\AppData\Local\LPT\srptm.exe
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\MountPoints2: {75633d59-d865-11de-9b8a-00269e1ae82f} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49366;https=127.0.0.1:49366
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_fsvideosft_15_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCzy0EtC0A0EzztB0F0E0FyD0BtN0D0Tzu0StCtBtDtCtN1L2XzutAtFtCtDtFtBtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0DtAzyzyyByCzytG0CyBtD0CtGtA0A0AtBtGyC0C0AzztGtBtB0Fzy0D0FyDtDtDzytCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtBtC0DtC0FtD0CtGyByC0B0EtGyEyEyDyBtG0A0BtB0AtGyByEzz0DtAtByDzz0Czy0B0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBtCyD%26cr%3D145986322%26a%3Dwny_fsvideosft_15_16%26os%3DWindows 7 Ultimate&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-04-17] (Avast Software s.r.o.)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-17] (Avast Software s.r.o.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996
FF Homepage: google.de
FF NetworkProxy: "type", 5
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [2013-04-23] (Samsung)
FF Plugin HKU\S-1-5-21-1302145231-2720168240-4248066923-1000: samsung.com/AllSharePlayPCPlugin -> C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll No File
FF Plugin HKU\S-1-5-21-1302145231-2720168240-4248066923-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: ICQ Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-05-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-28]
FF HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe [405896 2013-04-16] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-12-23] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe [605768 2013-04-23] (Copyright 2013 SAMSUNG)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 qkbfiltr; C:\Windows\System32\DRIVERS\qkbfiltr.sys [41984 2006-08-21] (Quanta Computer Inc.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2009-07-14] (Microsoft Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 14:49 - 2015-05-17 14:50 - 00023401 _____ () C:\Users\Rudinho\Desktop\FRST.txt
2015-05-17 14:48 - 2015-05-17 14:49 - 00000000 ____D () C:\FRST
2015-05-17 14:38 - 2015-05-17 14:38 - 02107392 _____ (Farbar) C:\Users\Rudinho\Desktop\FRST64.exe
2015-05-17 13:29 - 2015-05-17 13:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-17 13:29 - 2015-05-17 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 13:29 - 2015-05-17 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-17 13:29 - 2015-05-17 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-17 13:29 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-17 13:29 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-17 13:29 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-17 12:59 - 2015-05-17 13:22 - 00000000 ____D () C:\AdwCleaner
2015-05-17 12:30 - 2015-05-17 12:30 - 00000000 ____D () C:\Users\Rudinho\Desktop\Alte Firefox-Daten
2015-05-17 12:12 - 2015-05-17 12:12 - 00003160 _____ () C:\Windows\System32\Tasks\{311E65EE-C863-4C04-A30F-65529C90DEB5}
2015-05-17 11:50 - 2015-05-17 11:51 - 00000000 ____D () C:\ProgramData\DesktopSearch
2015-05-17 11:39 - 2015-05-17 14:41 - 00000280 _____ () C:\Windows\setupact.log
2015-05-17 11:39 - 2015-05-17 11:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-17 11:36 - 2015-05-17 14:41 - 00036570 _____ () C:\Windows\PFRO.log
2015-05-14 20:23 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 20:23 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:51 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:50 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 16:50 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 16:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 16:50 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 16:50 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 16:50 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 16:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 16:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 16:50 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 16:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 16:50 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 16:50 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 16:50 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 16:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 16:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 16:50 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 16:50 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 16:50 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 16:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 16:50 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 16:50 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 16:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 16:50 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 16:50 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 16:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 16:50 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 16:50 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 16:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 16:50 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 16:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 16:50 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 16:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 16:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 16:50 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 16:50 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 16:50 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 16:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 16:50 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 16:50 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 16:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 16:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 16:50 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 16:50 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 16:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 16:50 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 16:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 16:50 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 16:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 16:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 16:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 16:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 16:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 16:50 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 16:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 16:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 16:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 16:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 16:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 16:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 16:49 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:49 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:49 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:49 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:49 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:49 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:49 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:02 - 2015-05-17 13:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-07 22:25 - 2015-05-07 22:33 - 00000000 ____D () C:\Windows\rescache
2015-05-05 21:47 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-05 21:47 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-05 21:47 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-05 21:47 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-05 21:47 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-05 21:47 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-05 21:47 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-05 21:47 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-05 21:47 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-05 21:47 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-05 21:47 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-05 21:47 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-05 21:47 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-05 21:47 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-05 21:47 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-05 21:47 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-05 21:47 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-05 21:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-05 21:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-05 21:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-05 21:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-05 21:30 - 2015-05-05 21:30 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-05 21:30 - 2015-05-05 21:30 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-04 22:13 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-04 22:13 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-04 22:13 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-04 22:13 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-04 22:13 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-04 22:13 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-04 22:13 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-04 22:13 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-04 22:13 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-04 22:03 - 2015-05-04 22:03 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-05-04 22:02 - 2015-05-04 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-04-26 21:19 - 2015-04-30 12:25 - 00012748 _____ () C:\Users\Rudinho\Documents\Nebenkosten.xlsx
2015-04-25 19:07 - 2015-04-27 21:00 - 00000000 ____D () C:\Users\Rudinho\Desktop\Mathe
2015-04-25 18:46 - 2015-04-25 20:06 - 00000000 ____D () C:\Users\Rudinho\Desktop\Englisch_Übungsaufgaben
2015-04-21 22:13 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-21 22:13 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-21 22:13 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-21 22:13 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-04-21 22:12 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-21 22:12 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-04-17 00:55 - 2015-04-17 00:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-17 00:22 - 2015-04-17 00:22 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-04-17 00:21 - 2015-04-17 00:21 - 00000000 ____D () C:\Users\Rudinho\AppData\Local\695794C2_stp
2015-04-17 00:20 - 2015-04-17 00:20 - 06919995 _____ () C:\Users\Rudinho\AppData\Local\695794C2_stp.CIS
2015-04-17 00:20 - 2015-04-17 00:20 - 00047168 _____ () C:\Users\Rudinho\AppData\Local\59ED2468_stp.CIS
2015-04-17 00:20 - 2015-04-17 00:20 - 00000364 _____ () C:\Users\Rudinho\AppData\Local\695794C2_stp.CIS.part
2015-04-17 00:20 - 2015-04-17 00:20 - 00000289 _____ () C:\Users\Rudinho\AppData\Local\59ED2468_stp.CIS.part
2015-04-17 00:18 - 2015-04-17 00:25 - 00000000 ____D () C:\Users\Rudinho\AppData\Local\5D515C96_stp
2015-04-17 00:18 - 2015-04-17 00:18 - 00385602 _____ () C:\Users\Rudinho\AppData\Local\5D515C96_stp.CIS
2015-04-17 00:18 - 2015-04-17 00:18 - 00000220 _____ () C:\Users\Rudinho\AppData\Local\5D515C96_stp.CIS.part
2015-04-17 00:08 - 2015-04-17 00:08 - 00000000 ____D () C:\Users\Rudinho\Desktop\Fotobuch_Oma_Olga

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 14:47 - 2014-08-25 23:07 - 00000000 ___RD () C:\Users\Rudinho\Dropbox
2015-05-17 14:47 - 2012-09-20 22:26 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Dropbox
2015-05-17 14:47 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 14:47 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 14:45 - 2012-09-20 21:54 - 00000000 ____D () C:\Samsung Link
2015-05-17 14:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 14:41 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2015-05-17 14:39 - 2012-12-11 22:25 - 01980481 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 14:31 - 2012-04-12 10:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 13:04 - 2012-04-26 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 13:03 - 2009-11-17 22:01 - 00000000 ____D () C:\ProgramData\ICQ
2015-05-17 12:58 - 2009-12-23 15:39 - 42595840 ___SH () C:\Users\Rudinho\Desktop\Thumbs.db
2015-05-17 12:29 - 2009-12-23 15:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-17 12:20 - 2014-06-15 15:14 - 00001164 _____ () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 12:20 - 2011-03-27 15:09 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 12:20 - 2009-11-14 16:38 - 00001425 _____ () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-17 12:08 - 2009-11-14 20:27 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C4ED241-6AAB-4050-902F-1D5B5D042085}
2015-05-17 11:43 - 2014-04-10 21:10 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-17 11:41 - 2009-07-14 06:45 - 05039640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 21:49 - 2015-02-16 23:57 - 00000000 ____D () C:\Users\Rudinho\Desktop\Festplatte
2015-05-14 21:05 - 2009-11-30 23:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 21:04 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 21:03 - 2013-07-10 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 20:44 - 2009-10-14 07:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 19:08 - 2009-11-14 20:57 - 00716728 _____ () C:\Windows\system32\perfh019.dat
2015-05-14 19:08 - 2009-11-14 20:57 - 00151034 _____ () C:\Windows\system32\perfc019.dat
2015-05-14 19:08 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 19:08 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 19:08 - 2009-07-14 07:13 - 02487872 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 16:28 - 2014-08-20 21:40 - 00000000 ____D () C:\Users\Rudinho\AppData\Local\Adobe
2015-05-14 16:27 - 2012-04-12 10:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-14 16:27 - 2012-04-12 10:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-14 16:27 - 2011-05-17 19:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-12 20:29 - 2014-07-16 23:15 - 00000000 ____D () C:\Users\Rudinho\Desktop\SM
2015-05-12 18:40 - 2012-09-20 22:29 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-05 21:30 - 2014-05-08 22:45 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-05 21:30 - 2013-12-31 16:44 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-05 21:30 - 2013-02-28 20:30 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-05 21:30 - 2013-02-28 20:30 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-05 21:30 - 2012-02-26 15:43 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-05 21:30 - 2009-11-30 22:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-05 21:30 - 2009-11-30 22:55 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-05 21:29 - 2011-03-28 20:48 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-04 21:59 - 2014-05-17 17:15 - 00103424 ___SH () C:\Users\Rudinho\Documents\Thumbs.db
2015-05-02 17:43 - 2009-11-21 10:36 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Skype
2015-04-25 18:59 - 2009-11-14 20:47 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Adobe
2015-04-24 21:52 - 2015-02-14 13:23 - 00000000 ____D () C:\Users\Rudinho\Desktop\60. Hochzeitstag_Oma_&_Opa_Gleich
2015-04-24 21:11 - 2014-08-25 23:18 - 00000000 ____D () C:\Users\Rudinho\Desktop\Unsere Hochzeit
2015-04-23 21:54 - 2015-04-16 19:06 - 00000000 ____D () C:\Users\Rudinho\Desktop\Flitterwochen_Mexiko_Yucatan_Playa del Carmen_Playacar_Riu Yucatan_30.03.-14.04.2015
2015-04-23 21:54 - 2014-10-21 22:46 - 00000000 ____D () C:\Users\Rudinho\Desktop\Sonstiges
2015-04-23 21:54 - 2013-10-03 21:23 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\vlc
2015-04-23 21:49 - 2015-02-14 13:24 - 00000000 ____D () C:\Users\Rudinho\Desktop\Budapest_Oktober_2014
2015-04-23 21:15 - 2009-11-17 21:59 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-04-23 21:12 - 2014-09-30 23:19 - 00000000 ____D () C:\Users\Rudinho\Desktop\Bulgarien_Sonnenstrand_September 2014
2015-04-22 01:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-22 00:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 02:21 - 2014-12-21 08:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 02:21 - 2014-04-22 20:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-17 02:04 - 2011-08-19 18:58 - 02444478 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-17 01:06 - 2014-12-25 20:21 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-17 00:23 - 2014-10-01 00:30 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-04-17 00:23 - 2009-11-17 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-17 00:21 - 2011-08-09 17:46 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\DVDVideoSoft

==================== Files in the root of some directories =======

2013-03-01 23:09 - 2013-03-01 23:10 - 1181709 _____ () C:\Program Files\190771505_bf95264732.zip
2010-01-25 22:37 - 2012-08-10 21:46 - 0000156 _____ () C:\Users\Rudinho\AppData\Roaming\default.rss
2014-04-26 17:24 - 2014-04-26 17:24 - 0000043 _____ () C:\Users\Rudinho\AppData\Roaming\WB.CFG
2015-04-17 00:20 - 2015-04-17 00:20 - 0047168 _____ () C:\Users\Rudinho\AppData\Local\59ED2468_stp.CIS
2015-04-17 00:20 - 2015-04-17 00:20 - 0000289 _____ () C:\Users\Rudinho\AppData\Local\59ED2468_stp.CIS.part
2015-04-17 00:18 - 2015-04-17 00:18 - 0385602 _____ () C:\Users\Rudinho\AppData\Local\5D515C96_stp.CIS
2015-04-17 00:18 - 2015-04-17 00:18 - 0000220 _____ () C:\Users\Rudinho\AppData\Local\5D515C96_stp.CIS.part
2015-04-17 00:20 - 2015-04-17 00:20 - 6919995 _____ () C:\Users\Rudinho\AppData\Local\695794C2_stp.CIS
2015-04-17 00:20 - 2015-04-17 00:20 - 0000364 _____ () C:\Users\Rudinho\AppData\Local\695794C2_stp.CIS.part
2009-11-16 22:47 - 2009-11-16 22:47 - 0000000 _____ () C:\Users\Rudinho\AppData\Local\AtStart.txt
2012-06-08 22:24 - 2014-12-26 00:30 - 0009216 _____ () C:\Users\Rudinho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-16 22:47 - 2009-11-16 22:47 - 0000000 _____ () C:\Users\Rudinho\AppData\Local\DSwitch.txt
2009-11-16 22:47 - 2009-11-16 22:47 - 0000000 _____ () C:\Users\Rudinho\AppData\Local\QSwitch.txt
2009-11-16 23:05 - 2009-11-16 23:05 - 0000017 _____ () C:\Users\Rudinho\AppData\Local\resmon.resmoncfg
2014-08-26 00:14 - 2014-08-26 00:14 - 0000097 _____ () C:\Users\Rudinho\AppData\Local\TempPerfectTablePlan_guests.vcf
2009-11-21 10:38 - 2009-11-21 10:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-02-20 17:52 - 2012-02-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Some content of TEMP:
====================
C:\Users\Rudinho\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphysifi.dll
C:\Users\Rudinho\AppData\Local\Temp\Quarantine.exe
C:\Users\Rudinho\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Rudinho\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 18:26

==================== End Of Log ============================

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Rudinho at 2015-05-17 14:51:27
Running from C:\Users\Rudinho\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1302145231-2720168240-4248066923-500 - Administrator - Disabled)
Gast (S-1-5-21-1302145231-2720168240-4248066923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1302145231-2720168240-4248066923-1002 - Limited - Enabled)
Rudinho (S-1-5-21-1302145231-2720168240-4248066923-1000 - Administrator - Enabled) => C:\Users\Rudinho

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
AC3File 0.6b (HKLM-x32\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AllShare Framework DMS (HKLM\...\{760B2E2C-9FC4-403E-95A7-6D61EBF15B05}) (Version: 1.3.07 - Samsung)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Free YouTube Download version 3.2.58.415 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.58.415 - DVDVideoSoft Ltd.)
Hauppauge MCE XP/Vista Software Encoder (2.0.27022) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.27022 - Hauppauge Computer Works, Inc.)
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Keyboard Manager Utility (HKLM-x32\...\InstallShield_{54217D12-40AD-4E37-8617-1F9AA19E9077}) (Version:  - )
Keyboard Manager Utility (HKLM-x32\...\InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}) (Version: 2.36.1000 - Publisher)
Keyboard Manager Utility (Version: 2.34.0000 - Publisher) Hidden
Keyboard Manager Utility (x32 Version: 2.36.1000 - Publisher) Hidden
K-Lite Codec Pack 8.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.51209 - Корпорация Майкрософт)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM-x32\...\{5a5da92c-c9e1-4613-9197-311662105d17}) (Version:  - Nero AG)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Samsung Link 1.5.0.1304231405 (HKLM\...\8474-7877-9059-0204) (Version: 1.5.0.1304231405 - Copyright 2013 SAMSUNG)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SoundTrax (x32 Version: 4.4.37.1 - Nero AG) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.4 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zeugnis-Generator 10.0 (HKLM-x32\...\{20E08DBB-9708-45E6-B4CD-3526ABC5BC6E}) (Version: 10.00.0001 - H&P Infomedia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-05-2015 20:22:01 Windows Update
17-05-2015 12:21:57 Removed Microsoft Silverlight

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-17 21:11 - 00450824 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05E02761-AA92-41CF-8AF2-EBEB3AFC0170} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {06625047-366F-440D-90B8-0851D5AEEF40} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {09B02D70-1F5B-4F4A-9530-DA618B930ACB} - System32\Tasks\{9E12DA89-20F5-4079-9BAC-5BC71CC5D263} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {0A843B96-AC9D-4E87-B0D6-B9103BA5A526} - System32\Tasks\{8B00EC31-3602-48EB-B32A-12EC6EAF5020} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {127E7B56-99DD-4E0A-A091-917FE93AA2F4} - System32\Tasks\{5DCDE7B4-19F2-4DB8-9BBC-EC42A6FB8179} => pcalua.exe -a C:\Users\Rudinho\Desktop\nb_driver_w466u_w566u_w566n_kbmanager_vista64_2.34\KBManager\Setup.exe -d C:\Users\Rudinho\Desktop\nb_driver_w466u_w566u_w566n_kbmanager_vista64_2.34\KBManager
Task: {2F1CB5D1-B86D-46B0-8C46-05E3747EC0E8} - System32\Tasks\{83619E7A-3BF2-4935-8B42-004B0D8BEDD5} => pcalua.exe -a C:\Users\Rudinho\Desktop\iview437_setup.exe -d C:\Users\Rudinho\Desktop
Task: {3053565C-A871-4CB2-BB7D-F1F035A91154} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {35F72B63-A66E-46FA-9393-4413088A88E0} - System32\Tasks\{8F1654FA-EFD2-4D12-BC2A-C7F3463EC23E} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\7\SSECUninstall.exe
Task: {3E6DA57A-85DF-4F58-BB20-FB9C723B135A} - System32\Tasks\{28577632-B309-4C74-A77D-5AD916DC6731} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-02-26] (Skype Technologies S.A.)
Task: {446B7D65-C525-46D3-A51A-1224F5C126F7} - System32\Tasks\{FDD9A430-C111-464A-972E-338B86850C1B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-02-26] (Skype Technologies S.A.)
Task: {4E96361D-77BE-4101-93A3-5F4BFF4ADB65} - System32\Tasks\{A452C314-A0BF-4F38-937F-9ABB3158D012} => pcalua.exe -a C:\Users\Rudinho\Desktop\mp3DC211.exe -d C:\Users\Rudinho\Desktop
Task: {51CAE22B-63E1-423D-8A60-D25BC704FB38} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {554DC8C9-C8DE-4AC6-9C34-EC8F48E1EA98} - System32\Tasks\{9A231BCB-5FB4-4263-8D54-FB15A3C1F972} => pcalua.exe -a C:\Windows\TEMP\avast_ash\IrfanView\iview436_setup.exe -d "C:\Program Files\Alwil Software\Avast5"
Task: {5912C223-5E22-4126-AE73-67F4C2103BC6} - System32\Tasks\HPCeeScheduleForRudinho => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {5F02B7A0-92C3-49E0-A2B2-116065463509} - System32\Tasks\{E5A015C7-1425-4E47-8C56-5466A8DC0F4C} => pcalua.exe -a C:\Users\Rudinho\Desktop\sp45817.exe -d C:\Users\Rudinho\Desktop
Task: {61B316C2-E43E-4A4D-9892-6275B1926D5A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {62FE9A21-6DC9-446C-AFA5-F5C5EB997C10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6BCCB4BA-7B1B-40BC-ACB5-97359825F3AC} - System32\Tasks\{BDE7E03A-A68C-4153-A369-679F0C2A629D} => pcalua.exe -a C:\Users\Rudinho\Desktop\AdobeAIRInstaller.exe -d C:\Users\Rudinho\Desktop
Task: {6EBC24D6-A26B-42BD-B0B1-D674869FF474} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {7326976F-6869-4FC6-B5FB-19071641D8C0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {8509EF1F-3CDB-4FB4-8535-A3CFEC817AD5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8DCDA3C3-656D-4400-B320-3B361E4DF89D} - System32\Tasks\{05D8664F-A2E9-4D72-BFBD-A079C37680D5} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {91561AC7-BFD9-4CD9-8545-A17FAC2A69C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {917BD0B4-CFCC-40BB-AAFD-B3E3F9D306F8} - System32\Tasks\{1E53F970-076C-4F28-A006-ECBED6DC6A4A} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {A193DE6E-FAA7-4453-A4BC-7222E203577A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BBBAA7AF-C9B6-47FA-810D-311DD6590BC5} - System32\Tasks\{122E1171-0F2A-4B8D-9D1C-7B79734148BE} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SS_BUninstall.exe
Task: {C1369C97-ED7A-4844-BC4D-42D9930BD626} - System32\Tasks\{311E65EE-C863-4C04-A30F-65529C90DEB5} => pcalua.exe -a C:\Users\Rudinho\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=tt4u
Task: {CCF06BB6-FC73-4C59-AE7A-A0F01DA52B43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D8814770-B4CF-4088-AD10-869FB62AE82B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-14] (Adobe Systems Incorporated)
Task: {E1B55B13-DB5C-4975-9A35-6C3DEA253CDB} - System32\Tasks\{CE7BE51E-AB9F-4552-A88F-A41DF871FBEC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {F9CDC9CC-0CE7-48C5-881D-2137900A4AB0} - System32\Tasks\{4E4803ED-9C07-47AA-84BD-B735CFC1B6B8} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {F9E5CD74-78AD-4D76-8D54-6461A98207CA} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-05] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRudinho.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-08 13:37 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2009-11-16 23:17 - 2009-11-16 23:17 - 00017920 _____ () C:\Program Files\Keyboard Manager\Manager Utility\QManager.dll
2013-04-25 22:30 - 2013-04-23 14:05 - 01226752 _____ () C:\Program Files\Samsung\Samsung Link\SecLibJNI.dll
2013-04-27 18:06 - 2013-04-27 18:06 - 00515584 ____N () C:\Users\Rudinho\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-04-25 22:30 - 2013-04-23 14:05 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2013-04-16 17:36 - 2013-04-16 17:36 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\JNIInterface.dll
2013-04-16 17:37 - 2013-04-16 17:37 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\ASFAPI.dll
2013-04-16 17:37 - 2013-04-16 17:37 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\MediaDB_Manager.dll
2013-02-14 19:41 - 2013-02-14 19:41 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-02-14 19:41 - 2013-02-14 19:41 - 00905216 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-04-16 17:38 - 2013-04-16 17:38 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\DMS_Manager.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files (x86)\CCleaner\lang\lang-1031.dll
2015-05-05 21:30 - 2015-05-05 21:30 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-05-05 21:29 - 2015-05-05 21:29 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-05-17 11:44 - 2015-05-17 11:44 - 02929664 _____ () C:\Program Files\Alwil Software\Avast5\defs\15051700\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\DMSManager.dll
2013-04-08 16:34 - 2013-04-08 16:34 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ContentDirectoryPresenter.dll
2013-02-15 16:54 - 2013-02-15 16:54 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\DCMCDP.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\FolderCDP.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\DCMImgExtractor.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libexpat.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\swscale-0.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AudioExtractor.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00063488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\tag.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libThumbnail.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\RichInfoDriver.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\VideoExtractor.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ThumbnailMaker.dll
2013-04-12 08:59 - 2013-04-12 08:59 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ImageMagickWrapper.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00133120 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\VideoMetadataDriver.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libKeyFrame.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\SECMetaDriver.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ImageExtractor.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libexif-12.dll.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\TextExtractor.dll
2013-02-15 16:56 - 2013-02-15 16:56 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\Autobackup.dll
2013-02-15 16:56 - 2013-02-15 16:56 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\RosettaAllShare.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_serialization-vc90-mt-1_47.dll
2013-04-15 18:53 - 2013-04-15 18:53 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_date_time-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_system-vc90-mt-1_47.dll
2013-04-15 18:53 - 2013-04-15 18:53 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\us.dll
2015-05-17 14:45 - 2015-05-17 14:45 - 00043008 _____ () c:\users\rudinho\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphysifi.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-17 00:10 - 2015-04-17 00:10 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Rudinho\Desktop\SM:com.dropbox.attributes
AlternateDataStreams: C:\Users\Rudinho\Documents\02cf202f-8f17-42b4-8012-1e1070fd9048.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Rudinho\Documents\a36e7c93-d12e-4f46-9106-49730c7c3dba.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Rudinho\Documents\Nebenkosten.xlsx:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Rudinho^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AllShare Play => C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{4861FB5E-BAED-408A-9750-4310E83709A5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{234C1305-1108-48D6-85D3-2C4438F1D2F8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DFF0DCF8-BF6C-4559-B0CB-AAD303B8788F}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{ABD7FB34-2FB4-430E-907A-7E7480C7A99E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{78DFBAEA-1C90-4695-83FC-C1D1035E74FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{792332A3-567A-49DA-B731-5AA78C51F230}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{88FB3BDC-886C-4AD0-A077-2D943B3BF341}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{64BF9433-DD19-41D9-9254-7E8D2BB63294}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{324676C4-1E19-4DFD-B786-3BC9C2E4615D}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{092481ED-A28A-4A82-8BDD-8D75EAA1877C}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{29B5B08A-84A9-47C2-B1FE-6EBC470E27E2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{DA019944-95A5-4C01-9D74-87D7443A2B81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91C3F9B2-4F04-4161-8F33-B1F9508A05FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B9F474B-8E8C-4A80-AEDF-03F38DBDDEC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{98A662CC-A2F0-4C78-A494-DAC61A2009CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{69B0996B-9399-4B44-865F-3681C50A3A44}C:\program files (x86)\icq7.5\icq.exe] => (Block) C:\program files (x86)\icq7.5\icq.exe
FirewallRules: [UDP Query User{6ED5040B-E64A-4CF4-AFFF-63503A7812D4}C:\program files (x86)\icq7.5\icq.exe] => (Block) C:\program files (x86)\icq7.5\icq.exe
FirewallRules: [{17FE816F-EA0E-4554-8C92-F3E15015B8F4}] => (Allow) LPort=80
FirewallRules: [TCP Query User{F097FD5E-3205-4962-B39D-AA3676963152}C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9FCD37CB-779E-416A-8869-751C028D695B}C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{CB593A16-7F9F-4FAE-AB9D-F96FCF2BD0B6}] => (Allow) C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{84C4D7F9-41CD-4B6B-B88D-F30C427C5849}] => (Allow) C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D52EDB2B-75A2-4870-BEAF-2F92684DE3D1}] => (Allow) LPort=8743
FirewallRules: [{4292C2FE-A312-4987-A923-9879DD6D14A0}] => (Allow) LPort=8643
FirewallRules: [{1D1DFDF5-401B-4A9D-96AE-25BFD26659AF}] => (Allow) LPort=7676
FirewallRules: [{26CD753D-1448-4D36-8059-1332FD612C47}] => (Allow) LPort=7679
FirewallRules: [{C4000B33-C2BD-4AC4-A8F8-AA66C239E6EF}] => (Allow) LPort=24234
FirewallRules: [{F5759AAC-F7D2-4270-9718-657202F40D2A}] => (Allow) LPort=7900
FirewallRules: [{6ECC2A7A-82AC-4E53-843A-F16D6CF5B613}] => (Allow) LPort=1900
FirewallRules: [{86A2AF76-0D4D-4B40-811A-B6193E13FD9E}] => (Allow) LPort=8743
FirewallRules: [{10C3085C-976D-44D1-BA87-32ABC039F8E9}] => (Allow) LPort=8643
FirewallRules: [{A1CC79E0-9280-439D-8CE9-6BF699E188D0}] => (Allow) LPort=7676
FirewallRules: [{7EF1ABBA-6F0E-416F-A4FA-F5D3200963AD}] => (Allow) LPort=7679
FirewallRules: [TCP Query User{66225F1B-EA1C-4AC6-8E46-43EFD5959923}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DAECC68C-BE0D-4467-85CD-D471747A15A5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{56490C83-AA72-4A64-B0DD-CDAC8F8D5BCE}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{01531CF6-F166-447F-AE39-E342ABEC319C}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{AA1F3502-5C54-4E80-8B35-BE70F0D14A08}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
FirewallRules: [{7C6DC320-F333-479D-A394-F4CE5FF02080}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
FirewallRules: [{2D8DCF93-2A6E-4060-B89D-F1BA94FA57DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DDDBCD8-C138-4D14-B5DC-86BAECBBB8CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E78D5BC5-CEE8-4B8E-B008-7D862A58B3EE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3F129699-2CDB-466F-BB1A-BC3DA0E4204A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 02:41:55 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (05/17/2015 02:41:55 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (05/17/2015 01:23:38 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (05/17/2015 01:23:38 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (05/17/2015 01:05:24 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (05/17/2015 01:05:24 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (05/17/2015 00:05:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm s2882.exe, Version 3.1.40.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1960

Startzeit: 01d09088ce2c8d61

Endzeit: 6

Anwendungspfad: C:\Users\Rudinho\AppData\Local\Temp\n2882\s2882.exe

Berichts-ID:

Error: (05/17/2015 11:53:45 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (05/17/2015 11:53:45 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (05/17/2015 11:39:48 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0


System errors:
=============
Error: (05/17/2015 02:42:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen

Error: (05/17/2015 02:41:35 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/17/2015 02:41:35 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/17/2015 02:41:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/17/2015 01:24:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/17/2015 01:24:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen

Error: (05/17/2015 01:23:31 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/17/2015 01:23:31 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/17/2015 01:23:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/17/2015 01:22:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (12/14/2012 11:43:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/30/2011 00:05:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/27/2011 01:50:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/27/2011 01:50:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/24/2011 01:28:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/23/2011 01:21:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2011 01:58:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2011 02:21:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2011 02:21:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2011 02:21:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2010-01-23 17:46:31.987
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:31.978
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:31.968
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:31.959
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.669
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.660
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.651
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.637
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2009-11-16 21:49:22.051
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2009-11-16 21:49:22.051
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 4063.19 MB
Available physical RAM: 1450.17 MB
Total Pagefile: 8124.59 MB
Available Pagefile: 5474.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.07 GB) (Free:120.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:12.02 GB) (Free:11.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5ABD451A)
Partition 1: (Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Rudinho

Posted 18 May 2015 - 06:02 AM

I have a problem, who will help me?

If required, I can translate the posts above into English. Just let me know.

 

Thanks in advance for your support.



#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 19 May 2015 - 09:44 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    systemspecs;
    filesrcm;
    autoclean;
    emptyclsid;
    FFdefaults;
    iedefaults;
    shortcutfix;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 deeprybka

Posted 22 May 2015 - 02:51 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#7 Rudinho

Posted 22 May 2015 - 08:10 AM

Yes, I'm here but I need more time because I'm not @home at the moment.

I will make it tomorrow.



#8 deeprybka

Posted 22 May 2015 - 10:03 AM

OK. :)
regards,
deeprybka

#9 deeprybka

Posted 24 May 2015 - 05:25 AM

So, how is it going?
regards,
deeprybka

#10 Rudinho

Posted 25 May 2015 - 12:36 PM

Unfortunately I have not gotten around to it yet, but I will catch up on it as soon as possible.

I just need some time.

Thank you for your understanding.



#11 deeprybka

Posted 25 May 2015 - 12:38 PM

OK.


regards,
deeprybka

#12 Rudinho

Posted 25 May 2015 - 05:27 PM

Here it is:

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Rudinho on 25.05.2015 at 23:40:44,77.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rudinho\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.05.2015 23:42:49 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Convar deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nokia deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~3\DesktopSearch deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\Users\Rudinho\AppData\Roaming\K-Meleon deleted successfully
C:\Users\Rudinho\AppData\Roaming\kock deleted successfully
C:\Users\Rudinho\AppData\Roaming\NeroDigital™ deleted successfully
C:\Users\Rudinho\AppData\Roaming\Nokia Suite deleted successfully
C:\Users\Rudinho\AppData\Roaming\PACE Anti-Piracy deleted successfully
C:\Users\Rudinho\AppData\Roaming\Samsung deleted successfully
C:\Users\Rudinho\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Rudinho\AppData\Roaming\WinRAR deleted successfully
C:\Users\Rudinho\AppData\Roaming\xmldm deleted successfully
C:\Users\Rudinho\AppData\Roaming\ZoomBrowser EX deleted successfully
C:\Users\Rudinho\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Rudinho\AppData\Local\Yahoo! deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} deleted successfully
HKEY_USERS\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E86BDDD-9038-4f12-8572-4A859C76F21F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Mozilla\Firefox\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\prefs.js:
user_pref("browser.startup.homepage", "google.de");

Added to C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Rudinho\AppData\Roaming\TomTom\HOME\Profiles\reng0id6.default\prefs.js:

Added to C:\Users\Rudinho\AppData\Roaming\TomTom\HOME\Profiles\reng0id6.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Convar not found
C:\PROGRA~2\Nokia not found
C:\PROGRA~2\TomTom DesktopSuite not found
C:\PROGRA~2\VideoLAN not found
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\Windows\syswow64\appdata deleted
C:\Users\Rudinho\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Rudinho\AppData\Roaming\WB.CFG deleted
C:\Users\Rudinho\AppData\Roaming\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\Users\Rudinho\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\extensions\firefox@ghostery.com.xpi deleted
C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\extensions\extension@ciuvo.com.xpi deleted
C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\jetpack deleted
"C:\PROGRA~3\ICQ" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4064 MB
CPU Info: Intel® Core™2 Duo CPU     T6500  @ 2.10GHz
CPU Speed: 2135,8 MHz
Sound Card: Lautsprecher und Doppelkopfhöre |
Unabhängige Doppelkopfhörer (ID |
SPDIF (Digitaler Ausgang über K |
Display Adapters: ATI Mobility Radeon HD 4650 | ATI Mobility Radeon HD 4650 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; PnP-Monitor (Standard) |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Intel® WiFi Link 5100 AGN | Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
CD / DVD Drives: 2x (E: | F: | ) E: HL-DT-STDVDRAM GT20L     | F: ELBY    CLONEDRIVE
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  286,1GB | D:  12,0GB
Hard Disks - Free: C:  111,8GB | D:  11,9GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 07/10/09 | DELL   - 1
Time Zone: Mitteleuropäische Zeit
Motherboard *: Quanta 3624
Country: Deutschland
Language: DEU

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox    38.0.1
Internet Explorer Version: 11.0.9600.17801
Mozilla Firefox version: 38.0.1 (x86 de)
Adobe Reader version: 15.7.20033.133275

==== Files Recently Created / Modified ======================


==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Rudinho\AppData\Roaming\TomTom\HOME\Profiles\reng0id6.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [05.05.2015 21:29]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996
- Xmarks - %ProfilePath%\extensions\foxmarks@kei.com
- Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- VKontakte.ru Downloader - %ProfilePath%\extensions\vk@sergeykolosov.mp.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Rudinho\AppData\Roaming\TomTom\HOME\Profiles\reng0id6.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.430.890926@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- ICQ Toolbar - %AppDir%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996
2147C8ED020B1CE3B82BBDD3C49C8F81    - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll -    WacomTabletPlugin


==== Deleted Firefox Extensions ======================

C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[17.04.2015 00:09]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} Google  Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== shortcuts on Users Desktops ======================

C:\Users\Rudinho\Desktop\Desktop\Adobe Acrobat 9 Pro.lnk - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Users\Rudinho\Desktop\Desktop\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Users\Rudinho\Desktop\Desktop\Avast Free Antivirus.lnk - C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Users\Rudinho\Desktop\Desktop\Bamboo Dock.lnk - C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Users\Rudinho\Desktop\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Rudinho\Desktop\Desktop\Dropbox.lnk - C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Rudinho\Desktop\Desktop\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Rudinho\Desktop\Desktop\ICQ7.5.lnk - C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Users\Rudinho\Desktop\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Rudinho\Desktop\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Rudinho\Desktop\Desktop\mp3DirectCut.lnk - C:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe
C:\Users\Rudinho\Desktop\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Users\Rudinho\Desktop\Desktop\Pixum Fotobuch.lnk - C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe
C:\Users\Rudinho\Desktop\Desktop\Skype.lnk - C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
C:\Users\Rudinho\Desktop\Desktop\Spybot - Search & Destroy.lnk - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Rudinho\Desktop\Desktop\Yahoo Messenger.lnk -  
C:\Users\Rudinho\Desktop\Desktop\Zeugnis-Generator 10.0.lnk - C:\Program Files (x86)\Zeugnis-Generator\ZG100.exe
C:\Users\Rudinho\Desktop\Desktop\Canon EOS 60d\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe
C:\Users\Rudinho\Desktop\Desktop\Canon EOS 60d\EOS Utility.lnk - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
C:\Users\Rudinho\Desktop\Desktop\Canon EOS 60d\Picture Style Editor.lnk - C:\Program Files (x86)\Canon\Picture Style Editor\PSEditor.exe
C:\Users\Rudinho\Desktop\Desktop\Canon EOS 60d\ZoomBrowser EX.lnk - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk -  
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Rudinho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\EB40326D3D5DFCC4983721939094A1BD deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShare Play deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rudinho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rudinho\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Rudinho\AppData\Local\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\cache2 emptied successfully
C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\personas\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=148 folders=46 24063654 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Rudinho\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Rudinho\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 26.05.2015 at  0:21:45,81 ======================
 



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 26 May 2015 - 05:29 AM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: [image: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 26 May 2015 - 05:30 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 Rudinho

Rudinho
  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:37 PM

Posted 29 May 2015 - 04:15 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5253fecf7455b24aa23a820fb4ddd0b0
# engine=24035
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-26 10:35:46
# local_time=2015-05-27 12:35:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6811 184309596 0 0
# scanned=68157
# found=53
# cleaned=0
# scan_time=4171
sh=10AB6F5BF2AE7B357A7E1BEE97AA30A6512DE7DE ft=1 fh=fc4a296bcfd5af48 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=BB6E4EFDCDDC5C876EF941A8E8FC8C37A558C6D3 ft=1 fh=5a3b188cd9c263c2 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=6E92E96780D7A012AEC66D81A04C1C1644989A7D ft=1 fh=42eab3640c7f75db vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=7F851F7F3AB08BB489A9E9553635ACFF24BD2F4F ft=1 fh=480bb73806aecf9e vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=ED0BB5C058DD66D8CF7FC430901119E5FA9460E8 ft=1 fh=493186a480a7c1be vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=3ECB52E629A307F1154A11FFC420FEABA8805651 ft=1 fh=7eaccb99bfbac335 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3009704625F497D74601071243D3260D3C026D48 ft=1 fh=29c0ddfe71de86ad vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=3F252E848CE5BA3571A8FA3B9CE9FD8D7EE86634 ft=1 fh=af780bdc59dfdab5 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=68E215FD9A959DD28595B0DA25EC5100EFB98253 ft=1 fh=50730cf0e69141f8 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=EBB8454D4017FE184FD4B1A4D390C8CE099213C1 ft=1 fh=438201fe522fde58 vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=810C1517C36278077DAB711A8F81B9F9D08E43F0 ft=1 fh=d5a7903e1ff68e8e vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=7E105A4FE49D55CB3B71D8A91E6AD207E3BE1976 ft=1 fh=c5e772386234733f vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="a variant of Win32/ELEX.DH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=07097986407A53ADBFC7C2A6BCCBACF41F8971B7 ft=1 fh=f231f1e4c2bc3212 vn="a variant of Win32/ELEX.CY potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=5A77FB3D7934CFB0DF04AB5BE6F5636B9F61442E ft=1 fh=332bda805d36a167 vn="Win32/ELEX.DK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=4E409DDB2156AF741787458B35CECE4AC41FD8B0 ft=1 fh=33cac8fcf432a6a1 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=4E26DB266B754B627810C44A82C7484086F1CB3E ft=1 fh=8c26b72adef72cc0 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=E5CDD06C50650131591DAE0945340AA6ADC55E02 ft=1 fh=aaaec5f7af2e8f4b vn="a variant of Win32/ELEX.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=05F6C33F5A45CD34A9CAF61E295E886922448732 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\BoBrowser\Temp\source3344_30322\chrome.7z.vir"
sh=052CF7A10C2220549587A493E6AA7AB31059FC2C ft=1 fh=b441b46ee1f56b45 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\lrrot.dll.vir"
sh=D496D10A68179D30C2A8E753F177B80024E21724 ft=1 fh=2c28c5bbc2c0401d vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Newtonsoft.Json.dll.vir"
sh=0B8441FC2BFF5AD7364042752739351450CCE531 ft=1 fh=b506c4e0a9edc2a4 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Proxy.Lib.dll.vir"
sh=799816267E11729AE47D3DA65B3BDB9EFB272DE4 ft=1 fh=2eeead50cbb6ba73 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\ProxySettings.dll.vir"
sh=1B9DFDD7B9F4C756AE0277D7E0E298C8B7C3517F ft=1 fh=d4a1f925fbf21112 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Common.dll.vir"
sh=C588FE06CEAB251E1DB9A7ECD386DF99B67AECAB ft=1 fh=0f3805f7957da7f5 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Communication.dll.vir"
sh=A8FFD20ECBDFD3F36E50AD5F37168D6524B767AF ft=1 fh=67dc6d97fbcc98ab vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll.vir"
sh=BF7953067E0E167C5EE5A079CF7B0A31BB606E48 ft=1 fh=8ba85a650cec6ea5 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll.vir"
sh=40910EC0E079112C6CB8D402AD7D5F8C7963799D ft=1 fh=153cc9b8575822f0 vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=0459648419D68457A861D2FA1D6682822A53E035 ft=1 fh=646bd51d2c2ced2a vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Personalization.Common.dll.vir"
sh=5A3604C84EF2BD6F246FA0227C8F0A0B5DBEA451 ft=1 fh=75abb268287ae316 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=3EEBC5148F918F13742B08E1C5E234E369643014 ft=1 fh=bb1dbd23fa263d5b vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\sppsm.dll.vir"
sh=9E701DB966648F9594CF7C66BD05A196BD5E639E ft=1 fh=4b6b6a9bdcec148d vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\spusm.dll.vir"
sh=B2D51A241C095983246EFA0707358A7B84F674A3 ft=1 fh=fa82085b4d95dd0f vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srbs.dll.vir"
sh=84DFA8513BC5D5869A65E45787B0982416533D55 ft=1 fh=7633e73a8ff89552 vn="a variant of MSIL/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srbu.dll.vir"
sh=8AF3C95A5C906FEB601EC42908E52575280FE273 ft=1 fh=9a43d0dd4b8d8c50 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\sreu.dll.vir"
sh=216FC310CCC7F263FDB23398B9C39CF03EED4D79 ft=1 fh=6f923f60df81cc37 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srpdm.dll.vir"
sh=2ECC7BCF499305F75436B43EA3FA4FC60DC37D21 ft=1 fh=4a74338a34d926dd vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srprl.dll.vir"
sh=3A26A69CE536218D6DF5C5D2932DB807AF7DD976 ft=1 fh=9dd0811f936d3db5 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srpt.dll.vir"
sh=4EAA251754E661F7DEF939B88E39546610F7D5AB ft=1 fh=9b321cfd650fb946 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srptc.dll.vir"
sh=EF83D85AF9527B5525E2F638D5E6BE3D836A2C3D ft=1 fh=43903fa2203117ee vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srut.dll.vir"
sh=27FBB2161B29148FBC20EBBCF5A07FDCA991026C ft=1 fh=0456e4230d5bc364 vn="a variant of Win32/Toolbar.Babylon.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=374CA69E67A1ABC42A8D39CAD7337F3BD3351926 ft=1 fh=feae0fe2f16b04d3 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\05985E3F02794DF7B6A8C1AD62C277D3\dlm.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\05985E3F02794DF7B6A8C1AD62C277D3\sp-downloader.exe.vir"
sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\05985E3F02794DF7B6A8C1AD62C277D3\Whitesmoke_directN_p1v1.exe.vir"
sh=CC41CADBBD6BA6ED0BFDD17798B4C9F94D7955E0 ft=1 fh=e26a6656a404b558 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\1FF35D1FC9214F45B678E37B2D2F4E3D\DeltaTB.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="a variant of Win32/Toolbar.Babylon.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\3A5D228978C94E9E943B5DC52EAAD2B5\DeltaTB.exe.vir"
sh=6AA5FAD110322E0B502FB784DDDE2677842707F8 ft=1 fh=7eac28b77e17143b vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\3A5D228978C94E9E943B5DC52EAAD2B5\OCBrowserHelper_1.0.6.125.exe.vir"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\A7BCF4E9CD384134A12D0DAAEE03F1D1\sp-downloader.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="a variant of Win32/Toolbar.Babylon.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\C652A2278BA74B8781313827AE07B44A\DeltaTB.exe.vir"
sh=6AA5FAD110322E0B502FB784DDDE2677842707F8 ft=1 fh=7eac28b77e17143b vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\C652A2278BA74B8781313827AE07B44A\OCBrowserHelper_1.0.6.125.exe.vir"
sh=E84A7F0186D3663945B6528AC11D236369FE3BE5 ft=1 fh=42264a12eec40ade vn="a variant of Win32/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\CA46CFD9E38845DDA103DB5EBBE148F6\Installer.exe.vir"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\D4812EB313874D80AD1FA21D36575A63\DeltaTB.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5253fecf7455b24aa23a820fb4ddd0b0
# engine=24074
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-29 07:59:22
# local_time=2015-05-29 09:59:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 213427 184516212 0 0
# scanned=311770
# found=66
# cleaned=0
# scan_time=26719
sh=10AB6F5BF2AE7B357A7E1BEE97AA30A6512DE7DE ft=1 fh=fc4a296bcfd5af48 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=BB6E4EFDCDDC5C876EF941A8E8FC8C37A558C6D3 ft=1 fh=5a3b188cd9c263c2 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=6E92E96780D7A012AEC66D81A04C1C1644989A7D ft=1 fh=42eab3640c7f75db vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=7F851F7F3AB08BB489A9E9553635ACFF24BD2F4F ft=1 fh=480bb73806aecf9e vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=ED0BB5C058DD66D8CF7FC430901119E5FA9460E8 ft=1 fh=493186a480a7c1be vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=3ECB52E629A307F1154A11FFC420FEABA8805651 ft=1 fh=7eaccb99bfbac335 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3009704625F497D74601071243D3260D3C026D48 ft=1 fh=29c0ddfe71de86ad vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=3F252E848CE5BA3571A8FA3B9CE9FD8D7EE86634 ft=1 fh=af780bdc59dfdab5 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=68E215FD9A959DD28595B0DA25EC5100EFB98253 ft=1 fh=50730cf0e69141f8 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=EBB8454D4017FE184FD4B1A4D390C8CE099213C1 ft=1 fh=438201fe522fde58 vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=810C1517C36278077DAB711A8F81B9F9D08E43F0 ft=1 fh=d5a7903e1ff68e8e vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=7E105A4FE49D55CB3B71D8A91E6AD207E3BE1976 ft=1 fh=c5e772386234733f vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="a variant of Win32/ELEX.DH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=07097986407A53ADBFC7C2A6BCCBACF41F8971B7 ft=1 fh=f231f1e4c2bc3212 vn="a variant of Win32/ELEX.CY potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=5A77FB3D7934CFB0DF04AB5BE6F5636B9F61442E ft=1 fh=332bda805d36a167 vn="Win32/ELEX.DK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=4E409DDB2156AF741787458B35CECE4AC41FD8B0 ft=1 fh=33cac8fcf432a6a1 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=4E26DB266B754B627810C44A82C7484086F1CB3E ft=1 fh=8c26b72adef72cc0 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=E5CDD06C50650131591DAE0945340AA6ADC55E02 ft=1 fh=aaaec5f7af2e8f4b vn="a variant of Win32/ELEX.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=05F6C33F5A45CD34A9CAF61E295E886922448732 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\BoBrowser\Temp\source3344_30322\chrome.7z.vir"
sh=052CF7A10C2220549587A493E6AA7AB31059FC2C ft=1 fh=b441b46ee1f56b45 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\lrrot.dll.vir"
sh=D496D10A68179D30C2A8E753F177B80024E21724 ft=1 fh=2c28c5bbc2c0401d vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Newtonsoft.Json.dll.vir"
sh=0B8441FC2BFF5AD7364042752739351450CCE531 ft=1 fh=b506c4e0a9edc2a4 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Proxy.Lib.dll.vir"
sh=799816267E11729AE47D3DA65B3BDB9EFB272DE4 ft=1 fh=2eeead50cbb6ba73 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\ProxySettings.dll.vir"
sh=1B9DFDD7B9F4C756AE0277D7E0E298C8B7C3517F ft=1 fh=d4a1f925fbf21112 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Common.dll.vir"
sh=C588FE06CEAB251E1DB9A7ECD386DF99B67AECAB ft=1 fh=0f3805f7957da7f5 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Communication.dll.vir"
sh=A8FFD20ECBDFD3F36E50AD5F37168D6524B767AF ft=1 fh=67dc6d97fbcc98ab vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll.vir"
sh=BF7953067E0E167C5EE5A079CF7B0A31BB606E48 ft=1 fh=8ba85a650cec6ea5 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll.vir"
sh=40910EC0E079112C6CB8D402AD7D5F8C7963799D ft=1 fh=153cc9b8575822f0 vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=0459648419D68457A861D2FA1D6682822A53E035 ft=1 fh=646bd51d2c2ced2a vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Personalization.Common.dll.vir"
sh=5A3604C84EF2BD6F246FA0227C8F0A0B5DBEA451 ft=1 fh=75abb268287ae316 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=3EEBC5148F918F13742B08E1C5E234E369643014 ft=1 fh=bb1dbd23fa263d5b vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\sppsm.dll.vir"
sh=9E701DB966648F9594CF7C66BD05A196BD5E639E ft=1 fh=4b6b6a9bdcec148d vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\spusm.dll.vir"
sh=B2D51A241C095983246EFA0707358A7B84F674A3 ft=1 fh=fa82085b4d95dd0f vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srbs.dll.vir"
sh=84DFA8513BC5D5869A65E45787B0982416533D55 ft=1 fh=7633e73a8ff89552 vn="a variant of MSIL/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srbu.dll.vir"
sh=8AF3C95A5C906FEB601EC42908E52575280FE273 ft=1 fh=9a43d0dd4b8d8c50 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\sreu.dll.vir"
sh=216FC310CCC7F263FDB23398B9C39CF03EED4D79 ft=1 fh=6f923f60df81cc37 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srpdm.dll.vir"
sh=2ECC7BCF499305F75436B43EA3FA4FC60DC37D21 ft=1 fh=4a74338a34d926dd vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srprl.dll.vir"
sh=3A26A69CE536218D6DF5C5D2932DB807AF7DD976 ft=1 fh=9dd0811f936d3db5 vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srpt.dll.vir"
sh=4EAA251754E661F7DEF939B88E39546610F7D5AB ft=1 fh=9b321cfd650fb946 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srptc.dll.vir"
sh=EF83D85AF9527B5525E2F638D5E6BE3D836A2C3D ft=1 fh=43903fa2203117ee vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Local\LPT\srut.dll.vir"
sh=27FBB2161B29148FBC20EBBCF5A07FDCA991026C ft=1 fh=0456e4230d5bc364 vn="a variant of Win32/Toolbar.Babylon.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=374CA69E67A1ABC42A8D39CAD7337F3BD3351926 ft=1 fh=feae0fe2f16b04d3 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\05985E3F02794DF7B6A8C1AD62C277D3\dlm.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\05985E3F02794DF7B6A8C1AD62C277D3\sp-downloader.exe.vir"
sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\05985E3F02794DF7B6A8C1AD62C277D3\Whitesmoke_directN_p1v1.exe.vir"
sh=CC41CADBBD6BA6ED0BFDD17798B4C9F94D7955E0 ft=1 fh=e26a6656a404b558 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\1FF35D1FC9214F45B678E37B2D2F4E3D\DeltaTB.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="a variant of Win32/Toolbar.Babylon.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\3A5D228978C94E9E943B5DC52EAAD2B5\DeltaTB.exe.vir"
sh=6AA5FAD110322E0B502FB784DDDE2677842707F8 ft=1 fh=7eac28b77e17143b vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\3A5D228978C94E9E943B5DC52EAAD2B5\OCBrowserHelper_1.0.6.125.exe.vir"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\A7BCF4E9CD384134A12D0DAAEE03F1D1\sp-downloader.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="a variant of Win32/Toolbar.Babylon.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\C652A2278BA74B8781313827AE07B44A\DeltaTB.exe.vir"
sh=6AA5FAD110322E0B502FB784DDDE2677842707F8 ft=1 fh=7eac28b77e17143b vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\C652A2278BA74B8781313827AE07B44A\OCBrowserHelper_1.0.6.125.exe.vir"
sh=E84A7F0186D3663945B6528AC11D236369FE3BE5 ft=1 fh=42264a12eec40ade vn="a variant of Win32/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\CA46CFD9E38845DDA103DB5EBBE148F6\Installer.exe.vir"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rudinho\AppData\Roaming\OpenCandy\D4812EB313874D80AD1FA21D36575A63\DeltaTB.exe.vir"
sh=5350721132450BE3E87735C79580897A5DE79C1F ft=1 fh=4ca65c5e0c5d8179 vn="a variant of Win32/Speedchecker.B potentially unwanted application" ac=I fn="C:\Users\Rudinho\AppData\Local\695794C2_stp\pcspeedup.exe"
sh=4CA4EC4E9D5CC60C68529ABE308D08CAEC04C953 ft=0 fh=0000000000000000 vn="a variant of Android/Leadbolt.E potentially unwanted application" ac=I fn="C:\Users\Rudinho\Documents\i9300 Update\Kristina Backup\GETAPK\apps\getapk.co.1.6.1.apk"
sh=C8E54F85AECFDA74CBA4C85E8E2D27205B8614F3 ft=0 fh=0000000000000000 vn="a variant of Android/Leadbolt.E potentially unwanted application" ac=I fn="C:\Users\Rudinho\Documents\i9300 Update\Kristina Backup\GETAPK\apps\getapk.co.1.6.apk"
sh=06F48F366DADB6F8D5DDA7C612C8B292B7CB3D02 ft=0 fh=0000000000000000 vn="a variant of Android/Leadbolt.E potentially unwanted application" ac=I fn="C:\Users\Rudinho\Documents\i9300 Update\Kristina Backup\TitaniumBackup\com.repodroid.app-de2b7b0913e0fe5aad538ad226c8d94e.apk.gz"
sh=2EDE796AAAA91F83FBFF41F22D772B63DDE44AE2 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AirPush.G potentially unwanted application" ac=I fn="C:\Users\Rudinho\Documents\i9300 Update\Rudi Backup\Download\getapk.co.1.5.apk"
sh=9F0DDE1DCF34AE322D33399DE1C717C9DCD88011 ft=0 fh=0000000000000000 vn="a variant of Android/Leadbolt.E potentially unwanted application" ac=I fn="C:\Users\Rudinho\Documents\i9300 Update\Rudi Backup\TitaniumBackup\com.repodroid.app-de2b7b0913e0fe5aad538ad226c8d94e.apk.gz"
sh=9176A51D800D3E917F4A25C42349123967EB59AC ft=0 fh=0000000000000000 vn="a variant of Android/Plankton.I trojan" ac=I fn="C:\Users\Rudinho\Documents\i9300 Update\Rudi Backup\TitaniumBackup\com.Street.Fighting.Game-e7d5183af503f1b2be96284b051c4e92.apk.gz"
sh=DAE2BF8BCB7497350F712C4E2B680835FB0F7E5B ft=0 fh=0000000000000000 vn="a variant of Android/Inmobi.A potentially unsafe application" ac=I fn="C:\Users\Rudinho\Documents\i9300 Update\Rudi Backup\TitaniumBackup\ru.idaprikol-d8caa2c4b9003d5eb57763ef2a9a7c76.apk.gz"
sh=CF325508EF2F5A9C2FDF72141E6477B6BF648171 ft=0 fh=0000000000000000 vn="a variant of Android/Exploit.Lotoor.ET trojan" ac=I fn="C:\Users\Rudinho\Documents\Kristina\Kristina Backup\Download\Framaroot-1.4.apk"
sh=2EDE796AAAA91F83FBFF41F22D772B63DDE44AE2 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AirPush.G potentially unwanted application" ac=I fn="C:\Users\Rudinho\Documents\Kristina\Kristina Backup\Download\getapk.co.1.5.apk"
sh=6A2B9357A23DE0C97C6765CDBBA1088FD64DB49E ft=0 fh=0000000000000000 vn="a variant of Android/Exploit.Lotoor.ET trojan" ac=I fn="C:\Users\Rudinho\Documents\Kristina\Kristina Backup\TitaniumBackup\com.alephzain.framaroot-0344c07ab9915d6103e8be1097046f2d.apk.gz"
sh=06F48F366DADB6F8D5DDA7C612C8B292B7CB3D02 ft=0 fh=0000000000000000 vn="a variant of Android/Leadbolt.E potentially unwanted application" ac=I fn="C:\Users\Rudinho\Documents\Kristina\Kristina Backup\TitaniumBackup\com.repodroid.app-de2b7b0913e0fe5aad538ad226c8d94e.apk.gz"
sh=8E11576A2D99F0900DF7B767B216F3813170EB97 ft=1 fh=103cd6974b4c4f5b vn="a variant of Win32/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
 



#15 Rudinho


Posted 29 May 2015 - 04:22 AM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Rudinho (administrator) on RUDINHO-PC on 29-05-2015 11:18:19
Running from C:\Users\Rudinho\Desktop\Desktop
Loaded Profiles: Rudinho (Available Profiles: Rudinho)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
(Dropbox, Inc.) C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Quanta Computer, INC.) C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-04-23] (Samsung Electronics)
HKLM-x32\...\Run: [Keyboard Manager Utility] => C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe [1438720 2009-11-16] (Quanta Computer, INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\Alwil Software\Avast5\setup\emupdate\07945247-77d7-4329-beb4-97e85e25ff4b.exe [183232 2015-05-29] (AVAST Software)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\MountPoints2: {75633d59-d865-11de-9b8a-00269e1ae82f} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49366;https=127.0.0.1:49366
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-04-17] (Avast Software s.r.o.)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-04-17] (Avast Software s.r.o.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-26] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-26] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [2013-04-23] (Samsung)
FF Plugin HKU\S-1-5-21-1302145231-2720168240-4248066923-1000: samsung.com/AllSharePlayPCPlugin -> C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll No File
FF Plugin HKU\S-1-5-21-1302145231-2720168240-4248066923-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\Extensions\elemhidehelper@adblockplus.org.xpi [2015-05-17]
FF Extension: Personas Plus - C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\Extensions\personas@christopher.beard.xpi [2015-05-17]
FF Extension: VKontakte.ru Downloader - C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\Extensions\vk@sergeykolosov.mp.xpi [2015-05-24]
FF Extension: Adblock Plus - C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Profiles\gbeh6rgi.default-1431858653996\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-28]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe [405896 2013-04-16] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-12-23] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe [605768 2013-04-23] (Copyright 2013 SAMSUNG)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 qkbfiltr; C:\Windows\System32\DRIVERS\qkbfiltr.sys [41984 2006-08-21] (Quanta Computer Inc.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2009-07-14] (Microsoft Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 01:39 - 2015-05-29 01:39 - 00000000 ____D () C:\Program Files\avast software
2015-05-28 01:19 - 2015-05-28 01:19 - 00314836 _____ () C:\Users\Rudinho\Documents\Backup Rudis Smartphone_S3 2015-05-28.mpb
2015-05-26 23:23 - 2015-05-26 23:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-26 23:09 - 2015-05-26 23:09 - 00355297 _____ () C:\Users\Rudinho\Desktop\Backup Kristinas Smartphone_S3 2015-05-26.mpb
2015-05-26 23:04 - 2015-05-28 01:19 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\MyPhoneExplorer
2015-05-26 22:37 - 2015-05-26 22:37 - 00002061 _____ () C:\Users\Rudinho\Desktop\MyPhoneExplorer.lnk
2015-05-26 22:37 - 2015-05-26 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-05-26 22:37 - 2015-05-26 22:37 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2015-05-26 00:19 - 2015-05-25 23:40 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-25 23:42 - 2015-05-26 00:21 - 00036436 _____ () C:\zoek-results.log
2015-05-25 23:40 - 2015-05-26 00:13 - 00000000 ____D () C:\zoek_backup
2015-05-24 14:11 - 2015-05-25 11:34 - 00000000 ____D () C:\Users\Rudinho\Desktop\Music_Mai_2015
2015-05-20 20:23 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-17 23:26 - 2015-05-17 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-17 23:23 - 2015-05-17 23:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 23:23 - 2015-05-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 14:48 - 2015-05-29 11:18 - 00000000 ____D () C:\FRST
2015-05-17 13:29 - 2015-05-17 13:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-17 13:29 - 2015-05-17 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 13:29 - 2015-05-17 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-17 13:29 - 2015-05-17 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-17 13:29 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-17 13:29 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-17 13:29 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-17 12:59 - 2015-05-17 13:22 - 00000000 ____D () C:\AdwCleaner
2015-05-17 12:12 - 2015-05-17 12:12 - 00003160 _____ () C:\Windows\System32\Tasks\{311E65EE-C863-4C04-A30F-65529C90DEB5}
2015-05-14 20:23 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 20:23 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:51 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:50 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 16:50 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 16:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 16:50 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 16:50 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 16:50 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 16:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 16:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 16:50 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 16:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 16:50 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 16:50 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 16:50 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 16:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 16:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 16:50 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 16:50 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 16:50 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 16:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 16:50 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 16:50 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 16:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 16:50 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 16:50 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 16:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 16:50 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 16:50 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 16:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 16:50 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 16:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 16:50 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 16:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 16:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 16:50 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 16:50 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 16:50 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 16:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 16:50 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 16:50 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 16:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 16:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 16:50 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 16:50 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 16:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 16:50 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 16:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 16:50 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 16:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 16:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 16:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 16:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 16:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 16:50 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 16:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 16:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 16:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 16:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 16:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 16:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 16:49 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:49 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:49 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:49 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:49 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:49 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:49 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:02 - 2015-05-17 13:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-07 22:25 - 2015-05-18 20:59 - 00000000 ____D () C:\Windows\rescache
2015-05-05 21:47 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-05 21:47 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-05 21:47 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-05 21:47 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-05 21:47 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-05 21:47 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-05 21:47 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-05 21:47 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-05 21:47 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-05 21:47 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-05 21:47 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-05 21:47 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-05 21:47 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-05 21:47 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-05 21:47 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-05 21:47 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-05 21:47 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-05 21:47 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-05 21:47 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-05 21:47 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-05 21:47 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-05 21:47 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-05 21:47 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-05 21:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-05 21:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-05 21:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-05 21:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-05 21:30 - 2015-05-05 21:30 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-05 21:30 - 2015-05-05 21:30 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-04 22:13 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-04 22:13 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-04 22:13 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-04 22:13 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-04 22:13 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-04 22:13 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-04 22:13 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-04 22:13 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-04 22:13 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-04 22:03 - 2015-05-04 22:03 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-05-04 22:02 - 2015-05-04 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 05:28 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 05:28 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 03:00 - 2012-12-11 22:25 - 01342731 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 01:41 - 2009-11-14 20:27 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C4ED241-6AAB-4050-902F-1D5B5D042085}
2015-05-29 01:32 - 2014-04-10 21:10 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-29 01:31 - 2014-08-25 23:07 - 00000000 ___RD () C:\Users\Rudinho\Dropbox
2015-05-29 01:31 - 2012-09-20 22:26 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Dropbox
2015-05-29 01:31 - 2012-09-20 21:54 - 00000000 ____D () C:\Samsung Link
2015-05-29 01:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 21:53 - 2009-11-17 21:59 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2015-05-26 21:30 - 2013-10-03 21:23 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\vlc
2015-05-26 21:15 - 2015-04-16 19:06 - 00000000 ____D () C:\Users\Rudinho\Desktop\Flitterwochen_Mexiko_Yucatan_Playa del Carmen_Playacar_Riu Yucatan_30.03.-14.04.2015
2015-05-26 21:11 - 2009-11-14 20:57 - 00716728 _____ () C:\Windows\system32\perfh019.dat
2015-05-26 21:11 - 2009-11-14 20:57 - 00151034 _____ () C:\Windows\system32\perfc019.dat
2015-05-26 21:11 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-05-26 21:11 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-05-26 21:11 - 2009-07-14 07:13 - 02487872 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 21:07 - 2009-12-23 15:39 - 42615296 ___SH () C:\Users\Rudinho\Desktop\Thumbs.db
2015-05-26 00:38 - 2012-04-12 10:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-26 00:38 - 2011-05-17 19:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-26 00:37 - 2014-08-20 21:40 - 00000000 ____D () C:\Users\Rudinho\AppData\Local\Adobe
2015-05-26 00:30 - 2009-11-23 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-05-26 00:30 - 2009-11-17 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-05-26 00:04 - 2009-11-14 16:38 - 00000000 ____D () C:\Users\Rudinho
2015-05-22 20:53 - 2012-06-08 22:24 - 00011264 _____ () C:\Users\Rudinho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-22 20:44 - 2009-11-21 10:36 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Skype
2015-05-22 20:42 - 2009-11-21 10:36 - 00000000 ____D () C:\ProgramData\Skype
2015-05-20 20:24 - 2015-03-29 22:43 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 20:24 - 2015-03-29 22:43 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 20:20 - 2014-07-16 23:15 - 00000000 ____D () C:\Users\Rudinho\Desktop\SM
2015-05-17 15:05 - 2012-09-20 22:29 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-17 15:05 - 2012-03-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-05-17 15:05 - 2009-11-17 00:13 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-05-17 15:05 - 2009-11-14 20:56 - 00000000 ____D () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
2015-05-17 15:02 - 2009-11-17 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-17 14:54 - 2009-11-16 22:36 - 00003196 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRudinho
2015-05-17 14:54 - 2009-11-16 22:36 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForRudinho.job
2015-05-17 14:41 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2015-05-17 13:04 - 2012-04-26 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 12:29 - 2009-12-23 15:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-17 12:20 - 2014-06-15 15:14 - 00001164 _____ () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 12:20 - 2011-03-27 15:09 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 12:20 - 2009-11-14 16:38 - 00001425 _____ () C:\Users\Rudinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-14 21:49 - 2015-02-16 23:57 - 00000000 ____D () C:\Users\Rudinho\Desktop\Festplatte
2015-05-14 21:05 - 2009-11-30 23:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 21:04 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 21:03 - 2013-07-10 23:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 20:44 - 2009-10-14 07:12 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-05 21:30 - 2014-05-08 22:45 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-05 21:30 - 2013-12-31 16:44 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-05 21:30 - 2013-02-28 20:30 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-05 21:30 - 2013-02-28 20:30 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-05 21:30 - 2012-02-26 15:43 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-05 21:30 - 2009-11-30 22:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-05 21:30 - 2009-11-30 22:55 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-05 21:29 - 2011-03-28 20:48 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-04 21:59 - 2014-05-17 17:15 - 00103424 ___SH () C:\Users\Rudinho\Documents\Thumbs.db
2015-04-30 12:25 - 2015-04-26 21:19 - 00012748 _____ () C:\Users\Rudinho\Documents\Nebenkosten.xlsx

==================== Files in the root of some directories =======

2013-03-01 23:09 - 2013-03-01 23:10 - 1181709 _____ () C:\Program Files\190771505_bf95264732.zip
2010-01-25 22:37 - 2012-08-10 21:46 - 0000156 _____ () C:\Users\Rudinho\AppData\Roaming\default.rss
2015-04-17 00:20 - 2015-04-17 00:20 - 0047168 _____ () C:\Users\Rudinho\AppData\Local\59ED2468_stp.CIS
2015-04-17 00:20 - 2015-04-17 00:20 - 0000289 _____ () C:\Users\Rudinho\AppData\Local\59ED2468_stp.CIS.part
2015-04-17 00:18 - 2015-04-17 00:18 - 0385602 _____ () C:\Users\Rudinho\AppData\Local\5D515C96_stp.CIS
2015-04-17 00:18 - 2015-04-17 00:18 - 0000220 _____ () C:\Users\Rudinho\AppData\Local\5D515C96_stp.CIS.part
2015-04-17 00:20 - 2015-04-17 00:20 - 6919995 _____ () C:\Users\Rudinho\AppData\Local\695794C2_stp.CIS
2015-04-17 00:20 - 2015-04-17 00:20 - 0000364 _____ () C:\Users\Rudinho\AppData\Local\695794C2_stp.CIS.part
2009-11-16 22:47 - 2009-11-16 22:47 - 0000000 _____ () C:\Users\Rudinho\AppData\Local\AtStart.txt
2012-06-08 22:24 - 2015-05-22 20:53 - 0011264 _____ () C:\Users\Rudinho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-16 22:47 - 2009-11-16 22:47 - 0000000 _____ () C:\Users\Rudinho\AppData\Local\DSwitch.txt
2009-11-16 22:47 - 2009-11-16 22:47 - 0000000 _____ () C:\Users\Rudinho\AppData\Local\QSwitch.txt
2009-11-16 23:05 - 2009-11-16 23:05 - 0000017 _____ () C:\Users\Rudinho\AppData\Local\resmon.resmoncfg
2014-08-26 00:14 - 2014-08-26 00:14 - 0000097 _____ () C:\Users\Rudinho\AppData\Local\TempPerfectTablePlan_guests.vcf
2009-11-21 10:38 - 2009-11-21 10:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-02-20 17:52 - 2012-02-20 18:00 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Some files in TEMP:
====================
C:\Users\Rudinho\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwicoiz.dll
C:\Users\Rudinho\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 17:22

==================== End of log ============================

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Rudinho at 2015-05-29 11:19:40
Running from C:\Users\Rudinho\Desktop\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1302145231-2720168240-4248066923-500 - Administrator - Disabled)
Gast (S-1-5-21-1302145231-2720168240-4248066923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1302145231-2720168240-4248066923-1002 - Limited - Enabled)
Rudinho (S-1-5-21-1302145231-2720168240-4248066923-1000 - Administrator - Enabled) => C:\Users\Rudinho

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
AC3File 0.6b (HKLM-x32\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AllShare Framework DMS (HKLM\...\{760B2E2C-9FC4-403E-95A7-6D61EBF15B05}) (Version: 1.3.07 - Samsung)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.4.96.511 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Free YouTube Download version 3.2.58.415 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.58.415 - DVDVideoSoft Ltd.)
Hauppauge MCE XP/Vista Software Encoder (2.0.27022) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.27022 - Hauppauge Computer Works, Inc.)
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.3.1 - Hewlett-Packard)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Keyboard Manager Utility (HKLM-x32\...\InstallShield_{54217D12-40AD-4E37-8617-1F9AA19E9077}) (Version:  - )
Keyboard Manager Utility (HKLM-x32\...\InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}) (Version: 2.36.1000 - Publisher)
Keyboard Manager Utility (Version: 2.34.0000 - Publisher) Hidden
Keyboard Manager Utility (x32 Version: 2.36.1000 - Publisher) Hidden
K-Lite Codec Pack 8.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.51209 - Корпорация Майкрософт)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero 9 (HKLM-x32\...\{5a5da92c-c9e1-4613-9197-311662105d17}) (Version:  - Nero AG)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Samsung Link 1.5.0.1304231405 (HKLM\...\8474-7877-9059-0204) (Version: 1.5.0.1304231405 - Copyright 2013 SAMSUNG)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SoundTrax (x32 Version: 4.4.37.1 - Nero AG) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.4 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zeugnis-Generator 10.0 (HKLM-x32\...\{20E08DBB-9708-45E6-B4CD-3526ABC5BC6E}) (Version: 10.00.0001 - H&P Infomedia)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1302145231-2720168240-4248066923-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-05-2015 20:23:46 Windows Update
25-05-2015 23:42:09 zoek.exe restore point
26-05-2015 21:17:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-17 16:40 - 00450824 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09B02D70-1F5B-4F4A-9530-DA618B930ACB} - System32\Tasks\{9E12DA89-20F5-4079-9BAC-5BC71CC5D263} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {0A843B96-AC9D-4E87-B0D6-B9103BA5A526} - System32\Tasks\{8B00EC31-3602-48EB-B32A-12EC6EAF5020} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {127E7B56-99DD-4E0A-A091-917FE93AA2F4} - System32\Tasks\{5DCDE7B4-19F2-4DB8-9BBC-EC42A6FB8179} => pcalua.exe -a C:\Users\Rudinho\Desktop\nb_driver_w466u_w566u_w566n_kbmanager_vista64_2.34\KBManager\Setup.exe -d C:\Users\Rudinho\Desktop\nb_driver_w466u_w566u_w566n_kbmanager_vista64_2.34\KBManager
Task: {2F1CB5D1-B86D-46B0-8C46-05E3747EC0E8} - System32\Tasks\{83619E7A-3BF2-4935-8B42-004B0D8BEDD5} => pcalua.exe -a C:\Users\Rudinho\Desktop\iview437_setup.exe -d C:\Users\Rudinho\Desktop
Task: {35F72B63-A66E-46FA-9393-4413088A88E0} - System32\Tasks\{8F1654FA-EFD2-4D12-BC2A-C7F3463EC23E} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\7\SSECUninstall.exe
Task: {38670783-785F-4243-A2E4-703D7DF8EE19} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {3E6DA57A-85DF-4F58-BB20-FB9C723B135A} - System32\Tasks\{28577632-B309-4C74-A77D-5AD916DC6731} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-05-14] (Skype Technologies S.A.)
Task: {446B7D65-C525-46D3-A51A-1224F5C126F7} - System32\Tasks\{FDD9A430-C111-464A-972E-338B86850C1B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-05-14] (Skype Technologies S.A.)
Task: {4E96361D-77BE-4101-93A3-5F4BFF4ADB65} - System32\Tasks\{A452C314-A0BF-4F38-937F-9ABB3158D012} => pcalua.exe -a C:\Users\Rudinho\Desktop\mp3DC211.exe -d C:\Users\Rudinho\Desktop
Task: {554DC8C9-C8DE-4AC6-9C34-EC8F48E1EA98} - System32\Tasks\{9A231BCB-5FB4-4263-8D54-FB15A3C1F972} => pcalua.exe -a C:\Windows\TEMP\avast_ash\IrfanView\iview436_setup.exe -d "C:\Program Files\Alwil Software\Avast5"
Task: {5912C223-5E22-4126-AE73-67F4C2103BC6} - System32\Tasks\HPCeeScheduleForRudinho => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {5F02B7A0-92C3-49E0-A2B2-116065463509} - System32\Tasks\{E5A015C7-1425-4E47-8C56-5466A8DC0F4C} => pcalua.exe -a C:\Users\Rudinho\Desktop\sp45817.exe -d C:\Users\Rudinho\Desktop
Task: {61B316C2-E43E-4A4D-9892-6275B1926D5A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {62FE9A21-6DC9-446C-AFA5-F5C5EB997C10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6A21BEB5-7690-491E-A700-28C77FF3B8AA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {6BCCB4BA-7B1B-40BC-ACB5-97359825F3AC} - System32\Tasks\{BDE7E03A-A68C-4153-A369-679F0C2A629D} => pcalua.exe -a C:\Users\Rudinho\Desktop\AdobeAIRInstaller.exe -d C:\Users\Rudinho\Desktop
Task: {6EBC24D6-A26B-42BD-B0B1-D674869FF474} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {7326976F-6869-4FC6-B5FB-19071641D8C0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {8509EF1F-3CDB-4FB4-8535-A3CFEC817AD5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8DCDA3C3-656D-4400-B320-3B361E4DF89D} - System32\Tasks\{05D8664F-A2E9-4D72-BFBD-A079C37680D5} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {91561AC7-BFD9-4CD9-8545-A17FAC2A69C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {917BD0B4-CFCC-40BB-AAFD-B3E3F9D306F8} - System32\Tasks\{1E53F970-076C-4F28-A006-ECBED6DC6A4A} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {A193DE6E-FAA7-4453-A4BC-7222E203577A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {BBBAA7AF-C9B6-47FA-810D-311DD6590BC5} - System32\Tasks\{122E1171-0F2A-4B8D-9D1C-7B79734148BE} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SS_BUninstall.exe
Task: {C1369C97-ED7A-4844-BC4D-42D9930BD626} - System32\Tasks\{311E65EE-C863-4C04-A30F-65529C90DEB5} => pcalua.exe -a C:\Users\Rudinho\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=tt4u
Task: {CCF06BB6-FC73-4C59-AE7A-A0F01DA52B43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E1B55B13-DB5C-4975-9A35-6C3DEA253CDB} - System32\Tasks\{CE7BE51E-AB9F-4552-A88F-A41DF871FBEC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {F9CDC9CC-0CE7-48C5-881D-2137900A4AB0} - System32\Tasks\{4E4803ED-9C07-47AA-84BD-B735CFC1B6B8} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {F9E5CD74-78AD-4D76-8D54-6461A98207CA} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-05] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\HPCeeScheduleForRudinho.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-25 22:30 - 2013-04-23 14:05 - 01226752 _____ () C:\Program Files\Samsung\Samsung Link\SecLibJNI.dll
2015-05-26 00:24 - 2015-05-26 00:24 - 00515584 ____N () C:\Users\Rudinho\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-04-25 22:30 - 2013-04-23 14:05 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2013-04-16 17:36 - 2013-04-16 17:36 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\JNIInterface.dll
2013-04-16 17:37 - 2013-04-16 17:37 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\ASFAPI.dll
2013-04-16 17:37 - 2013-04-16 17:37 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\MediaDB_Manager.dll
2013-02-14 19:41 - 2013-02-14 19:41 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-02-14 19:41 - 2013-02-14 19:41 - 00905216 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-04-16 17:38 - 2013-04-16 17:38 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\64bit\DMS_Manager.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2009-11-16 23:17 - 2009-11-16 23:17 - 00017920 _____ () C:\Program Files\Keyboard Manager\Manager Utility\QManager.dll
2013-12-08 13:37 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files (x86)\CCleaner\lang\lang-1031.dll
2015-05-05 21:30 - 2015-05-05 21:30 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-05-05 21:29 - 2015-05-05 21:29 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-05-28 00:43 - 2015-05-28 00:43 - 02951168 _____ () C:\Program Files\Alwil Software\Avast5\defs\15052701\algo.dll
2015-05-29 01:34 - 2015-05-29 01:34 - 02950656 _____ () C:\Program Files\Alwil Software\Avast5\defs\15052801\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\DMSManager.dll
2013-04-08 16:34 - 2013-04-08 16:34 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ContentDirectoryPresenter.dll
2013-02-15 16:54 - 2013-02-15 16:54 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\DCMCDP.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\FolderCDP.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\DCMImgExtractor.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libexpat.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\swscale-0.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AudioExtractor.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00063488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\tag.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libThumbnail.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\RichInfoDriver.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\VideoExtractor.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ThumbnailMaker.dll
2013-04-12 08:59 - 2013-04-12 08:59 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ImageMagickWrapper.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00133120 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\VideoMetadataDriver.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libKeyFrame.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\SECMetaDriver.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\ImageExtractor.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\libexif-12.dll.dll
2013-04-12 09:06 - 2013-04-12 09:06 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\TextExtractor.dll
2013-02-15 16:56 - 2013-02-15 16:56 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\Autobackup.dll
2013-02-15 16:56 - 2013-02-15 16:56 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\RosettaAllShare.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_serialization-vc90-mt-1_47.dll
2013-04-15 18:53 - 2013-04-15 18:53 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_date_time-vc90-mt-1_47.dll
2013-04-15 18:52 - 2013-04-15 18:52 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_system-vc90-mt-1_47.dll
2013-04-15 18:53 - 2013-04-15 18:53 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\us.dll
2015-05-29 01:30 - 2015-05-29 01:30 - 00043008 _____ () c:\users\rudinho\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwicoiz.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-17 00:10 - 2015-04-17 00:10 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Rudinho\Desktop\SM:com.dropbox.attributes
AlternateDataStreams: C:\Users\Rudinho\Documents\02cf202f-8f17-42b4-8012-1e1070fd9048.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Rudinho\Documents\a36e7c93-d12e-4f46-9106-49730c7c3dba.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Rudinho\Documents\Nebenkosten.xlsx:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1302145231-2720168240-4248066923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rudinho\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Rudinho^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4861FB5E-BAED-408A-9750-4310E83709A5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ABD7FB34-2FB4-430E-907A-7E7480C7A99E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{78DFBAEA-1C90-4695-83FC-C1D1035E74FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{792332A3-567A-49DA-B731-5AA78C51F230}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{88FB3BDC-886C-4AD0-A077-2D943B3BF341}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{64BF9433-DD19-41D9-9254-7E8D2BB63294}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{324676C4-1E19-4DFD-B786-3BC9C2E4615D}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{092481ED-A28A-4A82-8BDD-8D75EAA1877C}] => (Allow) C:\Program Files (x86)\ICQ7.5\ICQ.exe
FirewallRules: [{29B5B08A-84A9-47C2-B1FE-6EBC470E27E2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{DA019944-95A5-4C01-9D74-87D7443A2B81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91C3F9B2-4F04-4161-8F33-B1F9508A05FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B9F474B-8E8C-4A80-AEDF-03F38DBDDEC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{98A662CC-A2F0-4C78-A494-DAC61A2009CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{69B0996B-9399-4B44-865F-3681C50A3A44}C:\program files (x86)\icq7.5\icq.exe] => (Block) C:\program files (x86)\icq7.5\icq.exe
FirewallRules: [UDP Query User{6ED5040B-E64A-4CF4-AFFF-63503A7812D4}C:\program files (x86)\icq7.5\icq.exe] => (Block) C:\program files (x86)\icq7.5\icq.exe
FirewallRules: [{17FE816F-EA0E-4554-8C92-F3E15015B8F4}] => (Allow) LPort=80
FirewallRules: [TCP Query User{F097FD5E-3205-4962-B39D-AA3676963152}C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9FCD37CB-779E-416A-8869-751C028D695B}C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rudinho\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{CB593A16-7F9F-4FAE-AB9D-F96FCF2BD0B6}] => (Allow) C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{84C4D7F9-41CD-4B6B-B88D-F30C427C5849}] => (Allow) C:\Users\Rudinho\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D52EDB2B-75A2-4870-BEAF-2F92684DE3D1}] => (Allow) LPort=8743
FirewallRules: [{4292C2FE-A312-4987-A923-9879DD6D14A0}] => (Allow) LPort=8643
FirewallRules: [{1D1DFDF5-401B-4A9D-96AE-25BFD26659AF}] => (Allow) LPort=7676
FirewallRules: [{26CD753D-1448-4D36-8059-1332FD612C47}] => (Allow) LPort=7679
FirewallRules: [{C4000B33-C2BD-4AC4-A8F8-AA66C239E6EF}] => (Allow) LPort=24234
FirewallRules: [{F5759AAC-F7D2-4270-9718-657202F40D2A}] => (Allow) LPort=7900
FirewallRules: [{6ECC2A7A-82AC-4E53-843A-F16D6CF5B613}] => (Allow) LPort=1900
FirewallRules: [{86A2AF76-0D4D-4B40-811A-B6193E13FD9E}] => (Allow) LPort=8743
FirewallRules: [{10C3085C-976D-44D1-BA87-32ABC039F8E9}] => (Allow) LPort=8643
FirewallRules: [{A1CC79E0-9280-439D-8CE9-6BF699E188D0}] => (Allow) LPort=7676
FirewallRules: [{7EF1ABBA-6F0E-416F-A4FA-F5D3200963AD}] => (Allow) LPort=7679
FirewallRules: [TCP Query User{66225F1B-EA1C-4AC6-8E46-43EFD5959923}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DAECC68C-BE0D-4467-85CD-D471747A15A5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{56490C83-AA72-4A64-B0DD-CDAC8F8D5BCE}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{01531CF6-F166-447F-AE39-E342ABEC319C}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{AA1F3502-5C54-4E80-8B35-BE70F0D14A08}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
FirewallRules: [{7C6DC320-F333-479D-A394-F4CE5FF02080}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
FirewallRules: [{2D8DCF93-2A6E-4060-B89D-F1BA94FA57DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DDDBCD8-C138-4D14-B5DC-86BAECBBB8CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E78D5BC5-CEE8-4B8E-B008-7D862A58B3EE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3F129699-2CDB-466F-BB1A-BC3DA0E4204A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{939609DE-6724-489A-AC05-5E7B45C695AE}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{717CA15E-50D4-44F9-86E7-616065532689}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2015 11:17:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/29/2015 11:15:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/29/2015 11:00:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/29/2015 10:53:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/29/2015 10:52:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.

Error: (05/29/2015 10:52:08 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/29/2015 10:51:43 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/29/2015 10:51:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.

Error: (05/29/2015 05:26:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/29/2015 05:21:09 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcCtrlHandler received  failed with 0


System errors:
=============
Error: (05/29/2015 01:32:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/29/2015 01:32:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (05/29/2015 01:31:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/29/2015 01:31:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (05/29/2015 01:30:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/29/2015 01:30:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (05/29/2015 01:29:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen

Error: (05/29/2015 01:27:58 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/29/2015 01:27:58 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/29/2015 01:27:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (12/14/2012 11:43:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/30/2011 00:05:06 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/27/2011 01:50:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/27/2011 01:50:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/24/2011 01:28:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/23/2011 01:21:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/18/2011 01:58:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2011 02:21:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2011 02:21:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2011 02:21:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2010-01-23 17:46:31.987
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:31.978
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:31.968
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:31.959
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.669
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.660
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.651
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-01-23 17:46:21.637
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\Desktop\unlocker1.8.8-portable\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2009-11-16 21:49:22.051
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2009-11-16 21:49:22.051
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Rudinho\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 55%
Total physical RAM: 4063.19 MB
Available physical RAM: 1809.46 MB
Total Pagefile: 8124.59 MB
Available Pagefile: 5277.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:286.07 GB) (Free:99.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:12.02 GB) (Free:11.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5ABD451A)
Partition 1: (Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End of log ============================





