
FRST Log


  • This topic is locked
5 replies to this topic

#1 king_abdel

  • Members
  • 3 posts

Posted 26 July 2015 - 04:37 PM

Hello,

 

I am new in this forum. I read some topics, and I saw that FRST checks for malicious programs. But can you please tell me how to read these log files to find the malicious software?

 

Thank you.




 


#2 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 27 July 2015 - 12:11 PM

Hello and Welcome to BleepingComputer king_abdel,

My name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that. The fixes are specific to your problem and should only be used for the issue on your machine!
 
I'm in the 'Malware Staff Team' and will provide you with advice:
Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.
 
You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

Below are a few tips

  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

 
 

But can you tell me please how to read this Log files to find the malicious Softs

You have to pass an anti-malware training (like I did) to be able to identify the malware in the logs.

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

=============================

In your next post please post the following logs:-

  • FRST.txt
  • Addition.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 king_abdel

  • Topic Starter

  • Members
  • 3 posts

Posted 27 July 2015 - 05:56 PM

Hello Makka,

 

I am very thankful for your answer. I have already applied some advice from other topics in this forum. I installed FRST, then I checked the log text file for any malicious or suspect records, but I didn't understand much of it. Then I started "Malwarebytes Anti-Malware" (as advised in the forum), which found a lot of malware and cleaned it up.

 

The problem was with Firefox: when I started it, the computer got very hot and the processor ran at more than 80% of its power. When I looked at the list of processes, there was no suspicious process which might be responsible for this, and when I closed Firefox the processor usage returned to normal and the fan stopped running.

 

After cleaning with anti-malware I uninstalled Firefox, then deleted all of its folders (\appdata\local and appdata\local_roaming and \program files).

 

The last step was the new installation.

 

I have no problem any more now, and the computer runs very quietly and fast.

 

I have now run FRST again; maybe there is some other malware residing on my computer, and I would like you to help me check it.

 

The FRST.txt file:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von king_abdel (Administrator) auf TAHA-DELL (28-07-2015 00:27:56)
Gestartet von C:\Users\king_abdel\Desktop
Geladene Profile: king_abdel (Verfügbare Profile: king_abdel & mtarw_000)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806512 2013-12-30] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-01-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [Viber] => C:\Users\king_abdel\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [GoogleChromeAutoLaunch_2283E2F4E81ADB9952112222682465FA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-24] (Google Inc.)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Tomcat 8.0\bin\Tomcat8w.exe [110208 2015-05-19] (Apache Software Foundation)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [Dropbox Update] => C:\Users\king_abdel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-24] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-08-27]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\king_abdel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\king_abdel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-11]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{65A68842-A24D-4EF5-9A32-056B0F303A30}: [DhcpNameServer] 134.147.32.40 134.147.222.4
Tcpip\..\Interfaces\{F51582B2-02E7-46C5-A806-C6ED36EB8446}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\king_abdel\AppData\Roaming\Mozilla\Firefox\Profiles\oh234p9p.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezi) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg [2014-10-21]
CHR Extension: (Bejeweled) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-05-31]
CHR Extension: (Google Docs) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-25]
CHR Extension: (Web Developer) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-05-31]
CHR Extension: (Gliffy Diagrams) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-09-22]
CHR Extension: (YouTube) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-25]
CHR Extension: (Adblock Plus) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-31]
CHR Extension: (Adblock for Youtube™) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-05-31]
CHR Extension: (Google Search) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-25]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2015-05-31]
CHR Extension: (Google Calendar) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-31]
CHR Extension: (Box) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-05-31]
CHR Extension: (Video Downloader professional) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-05-31]
CHR Extension: (Easy WebContent Free HTML Editor) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\encbaekhkcjjmhbcghnlcaiifdmfeokn [2015-05-31]
CHR Extension: (Type Scout - Better Typing! :)) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2015-05-31]
CHR Extension: (Creately - Collaborative Diagramming & Design) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\figjjaggcjcojopflaabmebmocabdglm [2014-10-21]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb [2015-03-20]
CHR Extension: (AdBlock) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-20]
CHR Extension: (Live HTTP Headers) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2015-01-03]
CHR Extension: (Dropbox) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-10-21]
CHR Extension: (PDF To Word Converter) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijcidehmghliocaelamimgiaiogcjal [2014-10-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Learn Italian with Yabla) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgcgdcknbalcapjbdndbccdlmoeoibg [2015-05-31]
CHR Extension: (Google Maps) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-10-21]
CHR Extension: (Google Drawings) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2014-10-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-25]
CHR Extension: (ТВ онлайн) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2015-05-31]
CHR Extension: (Outlook.com) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-05-31]
CHR Extension: (Gmail) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-25]

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [Datei ist nicht signiert]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-08-07] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 Tomcat8; C:\Program Files\Tomcat 8.0\bin\Tomcat8.exe [109696 2015-05-19] (Apache Software Foundation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [Datei ist nicht signiert]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U0 baioxmpc; C:\Windows\System32\drivers\uyue.sys [79064 2015-07-26] (Malwarebytes Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-21] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-20] (Intel Corporation)
R2 ISOMount; C:\Program Files (x86)\Free ISO Mount\FIMx64.sys [33896 2015-04-14] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2013-12-30] (Synaptics Incorporated)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 00:27 - 2015-07-28 00:28 - 00028620 _____ C:\Users\king_abdel\Desktop\FRST.txt
2015-07-26 23:21 - 2015-07-26 23:21 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\uyue.sys
2015-07-26 23:12 - 2015-07-26 23:18 - 00000000 ____D C:\Users\king_abdel\AppData\Local\Mozilla
2015-07-26 23:12 - 2015-07-26 23:12 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-26 23:12 - 2015-07-26 23:12 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-26 23:12 - 2015-07-26 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-26 23:12 - 2015-07-26 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-26 23:11 - 2015-07-26 23:11 - 00242904 _____ C:\Users\king_abdel\Downloads\Firefox Setup Stub 39.0.exe
2015-07-26 23:08 - 2015-07-26 23:21 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-26 23:08 - 2015-07-26 23:08 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-26 23:08 - 2015-07-26 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-26 23:08 - 2015-07-26 23:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 23:08 - 2015-07-26 23:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 23:08 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-26 23:08 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-26 23:08 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-26 23:07 - 2015-07-26 23:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\king_abdel\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-26 23:07 - 2015-07-26 23:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\king_abdel\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-26 23:02 - 2015-07-26 23:05 - 00000000 ____D C:\AdwCleaner
2015-07-26 23:01 - 2015-07-26 23:01 - 02248704 _____ C:\Users\king_abdel\Downloads\AdwCleaner.exe
2015-07-26 22:54 - 2015-07-28 00:28 - 00000000 ____D C:\FRST
2015-07-26 22:54 - 2015-07-26 22:55 - 00047852 _____ C:\Users\king_abdel\Downloads\FRST.txt
2015-07-26 22:54 - 2015-07-26 22:55 - 00044593 _____ C:\Users\king_abdel\Downloads\Addition.txt
2015-07-26 22:51 - 2015-07-26 22:51 - 02146816 _____ (Farbar) C:\Users\king_abdel\Desktop\FRST64.exe
2015-07-25 05:02 - 2015-07-25 05:02 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 20:25 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 20:25 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 20:25 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 20:25 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-19 21:02 - 2015-07-25 06:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-07-14 20:56 - 2015-07-14 20:56 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-14 20:47 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 20:47 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 20:47 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 20:47 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 20:47 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 20:47 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 20:47 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 20:47 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 20:47 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 20:47 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 20:47 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-14 20:47 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 20:47 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 20:47 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-14 20:47 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 20:47 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 20:47 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 20:47 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 20:47 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 20:47 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 20:47 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 20:47 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 20:47 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-14 20:47 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-14 20:47 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-14 20:47 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-07-14 20:46 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 20:46 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 20:46 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 20:46 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 20:46 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 20:46 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 20:46 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 20:46 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 20:46 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 20:46 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 20:46 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 20:46 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 20:46 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 20:46 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 20:46 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-14 20:46 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 20:46 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 20:46 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-14 20:46 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 20:46 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 20:46 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-14 20:46 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 20:46 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 20:46 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-14 20:46 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 20:46 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 20:46 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 20:46 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 20:46 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 20:46 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 20:46 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-14 20:46 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 20:46 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 20:46 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-14 20:46 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 20:46 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 20:46 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-14 20:46 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 20:46 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 20:46 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 20:46 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-14 20:46 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 20:46 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 20:46 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 20:46 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 20:46 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-14 20:46 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-14 20:46 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-02 20:45 - 2015-07-02 20:46 - 00000000 ____D C:\Users\mtarw_000\AppData\Local\Adobe
2015-06-29 20:47 - 2015-06-29 20:47 - 00243592 _____ C:\Users\king_abdel\Downloads\Firefox Setup Stub 38.0.5.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 00:26 - 2014-08-25 13:03 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3768936031-2504658206-505645752-1001
2015-07-28 00:24 - 2014-09-24 02:58 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{45C84480-A682-4765-A88A-D62EDF36DDFA}
2015-07-28 00:24 - 2014-05-21 03:36 - 01814169 _____ C:\Windows\WindowsUpdate.log
2015-07-28 00:22 - 2014-08-25 20:40 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\Dropbox
2015-07-28 00:21 - 2014-08-25 22:07 - 00000000 ____D C:\Users\king_abdel\AppData\Local\TSVNCache
2015-07-28 00:21 - 2014-08-25 21:31 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 00:21 - 2014-08-25 13:00 - 00000000 __RDO C:\Users\king_abdel\OneDrive
2015-07-28 00:20 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-28 00:20 - 2013-08-22 16:46 - 00048702 _____ C:\Windows\setupact.log
2015-07-27 01:03 - 2014-08-25 21:31 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 01:02 - 2015-06-18 18:52 - 00001240 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA.job
2015-07-27 00:56 - 2014-08-25 21:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 23:21 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SchCache
2015-07-26 23:14 - 2014-05-21 03:46 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-26 23:12 - 2014-08-25 13:26 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\Mozilla
2015-07-26 23:11 - 2014-05-21 03:17 - 01788458 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-26 23:11 - 2013-08-23 01:24 - 00769304 _____ C:\Windows\system32\perfh007.dat
2015-07-26 23:11 - 2013-08-23 01:24 - 00161112 _____ C:\Windows\system32\perfc007.dat
2015-07-26 23:06 - 2015-04-12 01:50 - 00000000 ____D C:\ProgramData\VMware
2015-07-26 23:06 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 23:05 - 2014-08-25 12:57 - 00000000 ____D C:\Users\king_abdel
2015-07-26 23:05 - 2014-05-21 03:00 - 00076880 _____ C:\Windows\PFRO.log
2015-07-26 23:05 - 2013-08-22 15:25 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-07-26 22:34 - 2014-09-18 20:58 - 01175040 ___SH C:\Users\king_abdel\Desktop\Thumbs.db
2015-07-25 06:34 - 2014-08-25 12:58 - 00000000 ____D C:\Users\king_abdel\Documents\Meine empfangenen Dateien
2015-07-25 05:08 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-25 05:02 - 2015-06-27 13:27 - 00000000 ____D C:\Users\king_abdel\AppData\Local\CrashDumps
2015-07-25 02:38 - 2013-08-22 16:44 - 00485600 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-25 02:37 - 2014-08-28 18:24 - 00000000 ____D C:\Windows\system32\MRT
2015-07-21 22:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-07-21 21:02 - 2015-06-18 18:52 - 00001188 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core.job
2015-07-21 20:56 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-19 20:57 - 2015-06-18 18:52 - 00004184 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA
2015-07-19 20:57 - 2015-06-18 18:52 - 00003804 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core
2015-07-18 04:32 - 2014-11-29 13:22 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\vlc
2015-07-16 21:51 - 2014-10-02 23:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 21:50 - 2015-01-04 12:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:58 - 2014-08-25 21:31 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 20:58 - 2014-08-25 21:31 - 00003874 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 22:49 - 2014-08-26 16:22 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3768936031-2504658206-505645752-1004
2015-07-14 22:01 - 2014-08-25 22:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 20:56 - 2014-08-25 21:29 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 19:49 - 2014-08-26 16:40 - 00000000 ____D C:\Users\mtarw_000\AppData\Local\TSVNCache
2015-07-13 19:49 - 2014-08-26 16:18 - 00000000 ___DO C:\Users\mtarw_000\OneDrive
2015-07-09 20:23 - 2014-11-28 05:22 - 00000000 ____D C:\Users\king_abdel\.VirtualBox
2015-07-05 12:08 - 2014-10-05 04:37 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2014-08-28 18:24 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 20:45 - 2014-10-02 23:21 - 00000000 ____D C:\Users\king_abdel\AppData\Local\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-21 03:02 - 2014-05-21 03:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\mtarw_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4z6er7.dll
C:\Users\mtarw_000\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mtarw_000\AppData\Local\Temp\npp.6.7.7.Installer.exe
C:\Users\mtarw_000\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\king_abdel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhtym3.dll
C:\Users\king_abdel\AppData\Local\Temp\Quarantine.exe
C:\Users\king_abdel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-25 05:07

==================== Ende von log ============================

The Addition.txt:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-07-2015
durchgeführt von taha an 2015-07-28 00:28:51
Gestartet von C:\Users\taha\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3768936031-2504658206-505645752-500 - Administrator - Disabled)
Gast (S-1-5-21-3768936031-2504658206-505645752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3768936031-2504658206-505645752-1003 - Limited - Enabled)
mtarw_000 (S-1-5-21-3768936031-2504658206-505645752-1004 - Limited - Enabled) => C:\Users\mtarw_000
taha (S-1-5-21-3768936031-2504658206-505645752-1001 - Administrator - Enabled) => C:\Users\taha

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E6ACD66-B207-217A-4D56-070D89395CED}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apache Tomcat 8.0 Tomcat8 (remove only) (HKLM\...\Apache Tomcat 8.0 Tomcat8) (Version: 8.0.23 - )
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.1 - Synaptics Incorporated)
Dropbox (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Free ISO Mount (HKLM-x32\...\FreeISOMount) (Version: 1.0 - Media Freeware)
Free ISO Mount Packages (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Free ISO Mount Packages) (Version:  - ) <==== ATTENTION
Geany 1.24 (HKLM-x32\...\Geany) (Version: 1.24 - The Geany developer team)
Git version 1.9.4-preview20140815 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140815 - The Git Development Community)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version:  - )
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0-1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 39.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 fr)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905-1) (Version: 8.0.2 - NetBeans.org)
Node.js (HKLM\...\{A744EE31-693F-43F2-AF73-A093264A9E1B}) (Version: 0.10.31 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname)
OpenVPN 2.3.4-I003  (HKLM\...\OpenVPN) (Version: 2.3.4-I003 - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
OWASP ZAP 2.3.1 (HKLM-x32\...\OWASP ZAP_is1) (Version:  - psiinon@gmail.com)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Python 3.4.1 (64-bit) (HKLM\...\{d54842cb-f761-30ba-881f-1ff821dc44df}) (Version: 3.4.1150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Viber (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\XBMC) (Version:  - Team XBMC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\taha\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

30-06-2015 23:10:52 Windows Update
09-07-2015 19:25:51 Windows Update
14-07-2015 21:57:45 Windows Update
18-07-2015 03:19:51 Windows Update
21-07-2015 20:55:48 Windows Update
25-07-2015 02:32:16 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2015-01-06 01:49 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {17102473-B74B-4B4E-A126-F73EDC262821} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {1FD626BC-252C-4A0D-8DE8-1B5290333DE7} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {355B64CC-8C52-44A4-AC7C-F3ADD007F5E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-25] (Google Inc.)
Task: {3E560A1F-B62E-4FF7-BCD2-88F58F1A8658} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {431E5CD3-E75D-4C3B-833E-D5BC09616996} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-05-20] (Maxthon International ltd.)
Task: {4D755DB7-D9B3-4B27-83A8-69F741CFC393} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3768936031-2504658206-505645752-1001
Task: {6948BB2D-A392-4975-9517-AB9579834FB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-25] (Google Inc.)
Task: {6FB40BCD-24CE-4F96-92D9-14922831131B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {836AA0F6-0B64-45F7-AAE2-FA7EA48CF79D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {8FC35637-866E-47DC-9B65-3C4AFA6729B9} - System32\Tasks\MsgUpdateCheck (de5e9f60-5adf-404f-9048-3ab8bfd91685) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-09-30] (MarkedUp Inc)
Task: {B869B196-539C-474A-8FF5-0CA4321F7C72} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BEE2A894-CD37-4D02-8D22-0516FC1338F5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {CB41B8CC-ED7E-4710-876E-B0F9E4DD4DE4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA => C:\Users\taha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {CEF0830B-EBEC-4E37-8B47-C62E0E9B37E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D91C1333-D318-405A-BF3A-8A9072DF9062} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core => C:\Users\taha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {DB81542F-5D89-4D6D-8F7E-60B8872CE796} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {EBF6A61F-73D1-4035-8A36-345C6E40B885} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {FA33A354-D172-4DDD-810D-A4A48C198F61} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core.job => C:\Users\taha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA.job => C:\Users\taha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-01-10 14:53 - 2014-01-10 14:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 14:53 - 2014-01-10 14:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 14:53 - 2014-01-10 14:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-10 15:24 - 2014-01-10 15:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-10 15:24 - 2014-01-10 15:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-07-04 14:13 - 2015-07-04 14:13 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-02-06 18:40 - 2015-02-06 18:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-05-21 03:35 - 2013-12-18 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-28 00:21 - 2015-07-28 00:21 - 00043008 _____ () c:\users\taha\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhtym3.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\taha\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\taha\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\taha\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\taha\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\taha\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\taha\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\taha\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\mtarw_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\taha\OneDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3768936031-2504658206-505645752-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\taha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2283E2F4E81ADB9952112222682465FA"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB484846-4667-4775-B22A-43F48DCAEFB3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{812EEDC2-9D94-4D5B-A522-2E47F5180B3B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4E832A8B-CA93-440C-B1F8-C5981521F429}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B32975EA-9BCA-470D-A1BF-134417D0F210}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{176F2551-6B70-4567-88A3-4A482D702CD7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E6A05620-028D-43AD-B10D-C7710471C3FC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{24AFF077-B1B9-481E-B443-EAF787C837FB}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{211955A1-EEA5-424F-A424-FE3A21C3A86E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{DCE08C6B-7342-46DD-88A6-7EFFD60D4794}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{290FF34C-D5A2-4C49-B841-143C4AAEAD88}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D5AA5157-D810-402A-9C44-A9AC01D85BF4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [TCP Query User{DA26D4CF-1D0B-4BD8-8468-2FBEC0F468D0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8711C3A4-E48C-4C40-A9BD-A09EA90FEE8E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0A38073C-2465-4F48-9CC6-06F877498888}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{22F9C638-9217-48A7-B626-1CD23839DFD4}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5DD1B99B-20AA-4270-B733-5C25E12DF9D0}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{0ECD5E1C-DD6C-4FCB-B40F-FCB856D51E2F}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{E9B105CD-80D7-44D7-B7F6-566E1D38688B}] => (Block) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{346B80C9-CBA4-4C45-A98C-101C022AFC57}] => (Block) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{3D9087DC-35E1-4060-98DE-FABB9705C3D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F297447A-6C45-4A6A-B4F6-85C1D5774DD7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{820A5363-9DD2-4B4F-91F7-7C80A5AFA755}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4E357C61-3420-455E-B1F8-67D3F128D4C5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{558CBC9C-7703-4908-B38C-EDDBA06A94CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox31\firefox.exe
FirewallRules: [TCP Query User{71E51357-F903-4357-A4A6-4456E1FF3252}C:\users\taha\downloads\utorrent.exe] => (Block) C:\users\taha\downloads\utorrent.exe
FirewallRules: [UDP Query User{C2B62B7F-A967-4221-A33A-93A3C7A11FF7}C:\users\taha\downloads\utorrent.exe] => (Block) C:\users\taha\downloads\utorrent.exe
FirewallRules: [{D3D86DEE-DCF9-4219-B04C-D68B73CCC09E}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9657F7B0-DAED-46F1-B839-4DFF264723AC}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{27B54C99-2CA2-48A6-A973-4C7C4A3AA69A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{382DBB8E-A45A-480D-9C3D-9700E80B3253}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0F2C8A3A-D47D-4A94-B6AB-D2C97AC22A29}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{754E2A5C-7072-4EFE-B1CA-A1961847EAA2}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3BFAE97-ACC0-4F1E-AB0F-9683AAF6F60A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9CB9D7F7-410B-4131-BF95-6FE92CF9CEDB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C5A0BD68-C9FA-4624-BB5B-4C84D27A2429}] => (Allow) C:\Users\taha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E92E02CC-E3EE-4246-A84E-F4B4FCB4832F}] => (Allow) C:\Users\taha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{F362A64D-6C4A-4912-AEE0-4B4F2E27AC7A}C:\users\taha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\taha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E61B6F9D-21ED-44F4-B697-EC113B493C0E}C:\users\taha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\taha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{685F1E83-0032-4299-98B1-C13C6C6EC32A}C:\users\taha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\taha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D50D0216-AA2D-410B-9F62-AED6CCA35FEB}C:\users\taha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\taha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E510C98A-8789-4B50-A894-BA6037AD2904}] => (Block) C:\users\taha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{3B5EDA79-494F-4C3F-8A68-9082ABE0D5C8}] => (Block) C:\users\taha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{88CB4CC6-3248-4E0D-B90D-9A30DE1D6EF8}C:\users\taha\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\taha\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{D8E28A2E-EE9E-437F-9684-15B92C2279BD}C:\users\taha\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\taha\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [TCP Query User{72C1C88B-7502-49BA-8BF1-984B37A7D426}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{A9F978FD-FF0F-4CB6-ACC2-6F6A31843D0C}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{AF5F472D-FCCC-490B-82A9-7A781EE44415}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{37191894-692D-4FF9-A98C-54041BEED491}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{0B548A8E-DA8D-4C02-AD4C-F224437AC6DC}C:\users\taha\documents\eclipse\eclipse.exe] => (Allow) C:\users\taha\documents\eclipse\eclipse.exe
FirewallRules: [UDP Query User{997E3413-0837-4228-B61F-FF225A54752A}C:\users\taha\documents\eclipse\eclipse.exe] => (Allow) C:\users\taha\documents\eclipse\eclipse.exe
FirewallRules: [{4644000F-A35A-408F-9AEA-9B29B1F2BFC3}] => (Block) C:\users\taha\documents\eclipse\eclipse.exe
FirewallRules: [{F3EFD017-A901-497A-8A79-9AB1970223A5}] => (Block) C:\users\taha\documents\eclipse\eclipse.exe
FirewallRules: [TCP Query User{94EAE1F5-9836-400C-A455-9586166BCCC5}C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe] => (Allow) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [UDP Query User{C7E64E8C-D270-43B4-A8B9-540AEE1BCD75}C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe] => (Allow) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [{3065D80C-2A2F-4B42-8CF6-C17688B6D002}] => (Block) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [{181652EE-E390-4641-B496-BD7F31D1607A}] => (Block) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [TCP Query User{D0F10B75-42D2-4925-8B38-C4DC39FDD5B3}C:\users\taha\desktop\eclipse\eclipse.exe] => (Allow) C:\users\taha\desktop\eclipse\eclipse.exe
FirewallRules: [UDP Query User{17637592-163D-43D8-8D05-97F2EA5E730B}C:\users\taha\desktop\eclipse\eclipse.exe] => (Allow) C:\users\taha\desktop\eclipse\eclipse.exe
FirewallRules: [{2A9F3ED4-B662-4D43-BCC1-2B9C62397622}] => (Block) C:\users\taha\desktop\eclipse\eclipse.exe
FirewallRules: [{F9E6A70A-0F1F-4716-8881-7C83C8F27148}] => (Block) C:\users\taha\desktop\eclipse\eclipse.exe
FirewallRules: [TCP Query User{75DF3A44-16DA-40CB-AE0A-49F1E4BB15FE}C:\users\taha\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe] => (Allow) C:\users\taha\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [UDP Query User{01C99B2E-92DB-431A-9FD6-F1F501DBD90C}C:\users\taha\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe] => (Allow) C:\users\taha\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [{B53D8D4A-5BD0-456C-B003-A84FFB31366F}] => (Block) C:\users\taha\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [{5E8DB17A-E215-4722-91D3-A59719350C0C}] => (Block) C:\users\taha\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [{E09908CE-2170-4443-9CD2-C78CB2893692}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E99CE952-83B0-4FAB-A995-CD644211C39D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC8C88FB-61F4-437D-B15F-B8930DA07A7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/26/2015 11:06:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/25/2015 06:39:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12e0

Startzeit: 01d0c6843c82a3bb

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 074749ed-3287-11e5-82a3-a088695c4f35

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/25/2015 06:21:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 162c

Startzeit: 01d0c68d4c878ac0

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\backgroundTaskHost.exe

Berichts-ID: 927eb5c1-3284-11e5-82a3-a088695c4f35

Vollständiger Name des fehlerhaften Pakets: 65224AljazeeraMediaNetwor.3016831463E98_2.0.0.2_x64__tnpp68nm81ev6

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/25/2015 05:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 39.0.0.5659, Zeitstempel: 0x55934d06
Name des fehlerhaften Moduls: mozalloc.dll, Version: 39.0.0.5659, Zeitstempel: 0x55933a83
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc2c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (07/25/2015 04:47:12 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (07/25/2015 02:38:52 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/24/2015 03:52:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1750

Startzeit: 01d0c59a489a23a3

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\backgroundTaskHost.exe

Berichts-ID: aefa2cb1-31a6-11e5-82a2-ecf4bb9da6d0

Vollständiger Name des fehlerhaften Pakets: 10631PaolosAdventures.559711D6C5976_1.0.0.43_neutral__ntpp077zx3tm0

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/20/2015 12:53:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 44c

Startzeit: 01d0c270adce08d7

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: efbea873-2e68-11e5-82a2-ecf4bb9da6d0

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/17/2015 02:36:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c80

Startzeit: 01d0c00f8594541a

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\backgroundTaskHost.exe

Berichts-ID: eca49d5a-2c1b-11e5-82a2-a088695c4f31

Vollständiger Name des fehlerhaften Pakets: 65224AljazeeraMediaNetwor.3016831463E98_2.0.0.2_x64__tnpp68nm81ev6

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/16/2015 01:15:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TAHA-DELL)
Description: Bei der Aktivierung der App „10631PaolosAdventures.559711D6C5976_ntpp077zx3tm0!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (07/26/2015 11:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (07/26/2015 11:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (07/26/2015 11:05:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (07/26/2015 11:05:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Druckwarteschlange" wurde mit folgendem Fehler beendet: 
%%2147944103

Error: (07/26/2015 11:05:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware NAT Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dell Data Vault" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================

CodeIntegrity Fehler:
===================================
  Date: 2015-07-25 05:08:29.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-25 05:08:29.440
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 21:39:14.352
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 21:39:14.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-27 03:52:51.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-27 03:52:51.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-21 20:13:36.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-21 20:13:36.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-07 17:17:28.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-07 17:17:28.185
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 14%
Total physical RAM: 16264.96 MB
Available physical RAM: 13922.87 MB
Total Virtual: 18696.96 MB
Available Virtual: 15917.35 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:219.83 GB) (Free:44.93 GB) NTFS
Drive d: (Studium) (Fixed) (Total:200.02 GB) (Free:172.94 GB) NTFS
Drive e: (Professionnel und Bücher) (Fixed) (Total:300.01 GB) (Free:276.73 GB) NTFS
Drive f: (Kultur und Entertainement) (Fixed) (Total:200 GB) (Free:151.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5FDB29C2)

Partition: GPT Partition Type.

==================== Ende von log ============================


#4 king_abdel

  • Topic Starter

Posted 27 July 2015 - 06:00 PM

Hello Makka,

I am very thankful for your answer. I have already applied some advice from other topics in this forum. I installed FRST, then I checked the log text file for any malicious or suspect records, but I didn't understand much of it. Then I started "Malwarebytes Anti-Malware" (as advised in the forum), which found a lot of malware and cleaned it up.

The problem was with Firefox: when I started it, the computer got very hot and the processor ran at more than 80% of its power. When I looked at the list of processes, there was no suspicious process that might be responsible for this, and when I closed Firefox the processor usage became normal and the ventilation stopped.

After cleaning with the anti-malware I uninstalled Firefox, then deleted all of its folders (\appdata\local and appdata\local_roaming and \program files).

The last step was the new installation.

I have no problem any more now, and the computer runs very quietly and fast.

I have now run FRST again; maybe there is some other malware residing on my computer, and I would be glad if you could help me check it.

 

The FRST.txt file:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von king_abdel (Administrator) auf TAHA-DELL (28-07-2015 00:27:56)
Gestartet von C:\Users\king_abdel\Desktop
Geladene Profile: king_abdel (Verfügbare Profile: king_abdel & mtarw_000)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806512 2013-12-30] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-01-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [Viber] => C:\Users\king_abdel\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [GoogleChromeAutoLaunch_2283E2F4E81ADB9952112222682465FA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-24] (Google Inc.)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Tomcat 8.0\bin\Tomcat8w.exe [110208 2015-05-19] (Apache Software Foundation)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Run: [Dropbox Update] => C:\Users\king_abdel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-24] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-08-27]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\king_abdel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\king_abdel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-11]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{65A68842-A24D-4EF5-9A32-056B0F303A30}: [DhcpNameServer] 134.147.32.40 134.147.222.4
Tcpip\..\Interfaces\{F51582B2-02E7-46C5-A806-C6ED36EB8446}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\king_abdel\AppData\Roaming\Mozilla\Firefox\Profiles\oh234p9p.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezi) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg [2014-10-21]
CHR Extension: (Bejeweled) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-05-31]
CHR Extension: (Google Docs) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-25]
CHR Extension: (Web Developer) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-05-31]
CHR Extension: (Gliffy Diagrams) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-09-22]
CHR Extension: (YouTube) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-25]
CHR Extension: (Adblock Plus) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-31]
CHR Extension: (Adblock for Youtube™) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-05-31]
CHR Extension: (Google Search) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-25]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2015-05-31]
CHR Extension: (Google Calendar) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-31]
CHR Extension: (Box) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-05-31]
CHR Extension: (Video Downloader professional) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-05-31]
CHR Extension: (Easy WebContent Free HTML Editor) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\encbaekhkcjjmhbcghnlcaiifdmfeokn [2015-05-31]
CHR Extension: (Type Scout - Better Typing! :)) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2015-05-31]
CHR Extension: (Creately - Collaborative Diagramming & Design) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\figjjaggcjcojopflaabmebmocabdglm [2014-10-21]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb [2015-03-20]
CHR Extension: (AdBlock) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-20]
CHR Extension: (Live HTTP Headers) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2015-01-03]
CHR Extension: (Dropbox) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-10-21]
CHR Extension: (PDF To Word Converter) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijcidehmghliocaelamimgiaiogcjal [2014-10-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Learn Italian with Yabla) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgcgdcknbalcapjbdndbccdlmoeoibg [2015-05-31]
CHR Extension: (Google Maps) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-10-21]
CHR Extension: (Google Drawings) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2014-10-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-25]
CHR Extension: (ТВ онлайн) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2015-05-31]
CHR Extension: (Outlook.com) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-05-31]
CHR Extension: (Gmail) - C:\Users\king_abdel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-25]

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [Datei ist nicht signiert]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-08-07] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 Tomcat8; C:\Program Files\Tomcat 8.0\bin\Tomcat8.exe [109696 2015-05-19] (Apache Software Foundation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [Datei ist nicht signiert]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [Datei ist nicht signiert]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U0 baioxmpc; C:\Windows\System32\drivers\uyue.sys [79064 2015-07-26] (Malwarebytes Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-21] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-20] (Intel Corporation)
R2 ISOMount; C:\Program Files (x86)\Free ISO Mount\FIMx64.sys [33896 2015-04-14] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2013-12-30] (Synaptics Incorporated)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 00:27 - 2015-07-28 00:28 - 00028620 _____ C:\Users\king_abdel\Desktop\FRST.txt
2015-07-26 23:21 - 2015-07-26 23:21 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\uyue.sys
2015-07-26 23:12 - 2015-07-26 23:18 - 00000000 ____D C:\Users\king_abdel\AppData\Local\Mozilla
2015-07-26 23:12 - 2015-07-26 23:12 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-26 23:12 - 2015-07-26 23:12 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-26 23:12 - 2015-07-26 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-26 23:12 - 2015-07-26 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-26 23:11 - 2015-07-26 23:11 - 00242904 _____ C:\Users\king_abdel\Downloads\Firefox Setup Stub 39.0.exe
2015-07-26 23:08 - 2015-07-26 23:21 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-26 23:08 - 2015-07-26 23:08 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-26 23:08 - 2015-07-26 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-26 23:08 - 2015-07-26 23:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 23:08 - 2015-07-26 23:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 23:08 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-26 23:08 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-26 23:08 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-26 23:07 - 2015-07-26 23:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\king_abdel\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-26 23:07 - 2015-07-26 23:07 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\king_abdel\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-26 23:02 - 2015-07-26 23:05 - 00000000 ____D C:\AdwCleaner
2015-07-26 23:01 - 2015-07-26 23:01 - 02248704 _____ C:\Users\king_abdel\Downloads\AdwCleaner.exe
2015-07-26 22:54 - 2015-07-28 00:28 - 00000000 ____D C:\FRST
2015-07-26 22:54 - 2015-07-26 22:55 - 00047852 _____ C:\Users\king_abdel\Downloads\FRST.txt
2015-07-26 22:54 - 2015-07-26 22:55 - 00044593 _____ C:\Users\king_abdel\Downloads\Addition.txt
2015-07-26 22:51 - 2015-07-26 22:51 - 02146816 _____ (Farbar) C:\Users\king_abdel\Desktop\FRST64.exe
2015-07-25 05:02 - 2015-07-25 05:02 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 20:25 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 20:25 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 20:25 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 20:25 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-19 21:02 - 2015-07-25 06:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-07-18 04:31 - 2015-06-11 03:14 - 02458449 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_15.MP4
2015-07-18 04:31 - 2015-06-11 03:11 - 20667775 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_14.MP4
2015-07-18 04:31 - 2015-06-11 03:11 - 13967688 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_13.MP4
2015-07-18 04:31 - 2015-06-11 03:10 - 14513239 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_12.MP4
2015-07-18 04:31 - 2015-06-11 03:10 - 12486534 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_11.MP4
2015-07-18 04:31 - 2015-06-11 03:08 - 27825067 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_10.MP4
2015-07-18 04:31 - 2015-06-11 03:03 - 16321205 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_5.MP4
2015-07-18 04:31 - 2015-06-11 03:02 - 06327119 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_3.MP4
2015-07-18 04:31 - 2015-06-11 03:02 - 02826119 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_4.MP4
2015-07-18 04:31 - 2015-06-11 03:01 - 10384185 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed.MP4
2015-07-18 04:31 - 2015-06-11 03:01 - 09944892 _____ C:\Users\king_abdel\Downloads\Advance Google Hacking Information Gathering And Penetration Testing - Skillfeed_2.MP4
2015-07-14 20:56 - 2015-07-14 20:56 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-14 20:47 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 20:47 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 20:47 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 20:47 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 20:47 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 20:47 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 20:47 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 20:47 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 20:47 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 20:47 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 20:47 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-14 20:47 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 20:47 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 20:47 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-14 20:47 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 20:47 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 20:47 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 20:47 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 20:47 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 20:47 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 20:47 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 20:47 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 20:47 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-14 20:47 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-14 20:47 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-14 20:47 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-07-14 20:46 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 20:46 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 20:46 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 20:46 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 20:46 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 20:46 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 20:46 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 20:46 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 20:46 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 20:46 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 20:46 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 20:46 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 20:46 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 20:46 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 20:46 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-14 20:46 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 20:46 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 20:46 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-14 20:46 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 20:46 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 20:46 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-14 20:46 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 20:46 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 20:46 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-14 20:46 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 20:46 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 20:46 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 20:46 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 20:46 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 20:46 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 20:46 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-14 20:46 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 20:46 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 20:46 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-14 20:46 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 20:46 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 20:46 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-14 20:46 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 20:46 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 20:46 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 20:46 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-14 20:46 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 20:46 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 20:46 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 20:46 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 20:46 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-14 20:46 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-14 20:46 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-02 20:45 - 2015-07-02 20:46 - 00000000 ____D C:\Users\mtarw_000\AppData\Local\Adobe
2015-06-29 20:47 - 2015-06-29 20:47 - 00243592 _____ C:\Users\king_abdel\Downloads\Firefox Setup Stub 38.0.5.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 00:26 - 2014-08-25 13:03 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3768936031-2504658206-505645752-1001
2015-07-28 00:24 - 2014-09-24 02:58 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{45C84480-A682-4765-A88A-D62EDF36DDFA}
2015-07-28 00:24 - 2014-05-21 03:36 - 01814169 _____ C:\Windows\WindowsUpdate.log
2015-07-28 00:22 - 2014-08-25 20:40 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\Dropbox
2015-07-28 00:21 - 2014-08-25 22:07 - 00000000 ____D C:\Users\king_abdel\AppData\Local\TSVNCache
2015-07-28 00:21 - 2014-08-25 21:31 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 00:21 - 2014-08-25 13:00 - 00000000 __RDO C:\Users\king_abdel\OneDrive
2015-07-28 00:20 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-28 00:20 - 2013-08-22 16:46 - 00048702 _____ C:\Windows\setupact.log
2015-07-27 01:03 - 2014-08-25 21:31 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 01:02 - 2015-06-18 18:52 - 00001240 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA.job
2015-07-27 00:56 - 2014-08-25 21:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 23:21 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SchCache
2015-07-26 23:14 - 2014-05-21 03:46 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-26 23:12 - 2014-08-25 13:26 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\Mozilla
2015-07-26 23:11 - 2014-05-21 03:17 - 01788458 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-26 23:11 - 2013-08-23 01:24 - 00769304 _____ C:\Windows\system32\perfh007.dat
2015-07-26 23:11 - 2013-08-23 01:24 - 00161112 _____ C:\Windows\system32\perfc007.dat
2015-07-26 23:06 - 2015-04-12 01:50 - 00000000 ____D C:\ProgramData\VMware
2015-07-26 23:06 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 23:05 - 2014-08-25 12:57 - 00000000 ____D C:\Users\king_abdel
2015-07-26 23:05 - 2014-05-21 03:00 - 00076880 _____ C:\Windows\PFRO.log
2015-07-26 23:05 - 2013-08-22 15:25 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-07-26 22:34 - 2014-09-18 20:58 - 01175040 ___SH C:\Users\king_abdel\Desktop\Thumbs.db
2015-07-25 06:34 - 2014-08-25 12:58 - 00000000 ____D C:\Users\king_abdel\Documents\Meine empfangenen Dateien
2015-07-25 05:08 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-25 05:02 - 2015-06-27 13:27 - 00000000 ____D C:\Users\king_abdel\AppData\Local\CrashDumps
2015-07-25 02:38 - 2013-08-22 16:44 - 00485600 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-25 02:37 - 2014-08-28 18:24 - 00000000 ____D C:\Windows\system32\MRT
2015-07-21 22:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-07-21 21:02 - 2015-06-18 18:52 - 00001188 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core.job
2015-07-21 20:56 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-19 20:57 - 2015-06-18 18:52 - 00004184 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA
2015-07-19 20:57 - 2015-06-18 18:52 - 00003804 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core
2015-07-18 04:32 - 2014-11-29 13:22 - 00000000 ____D C:\Users\king_abdel\AppData\Roaming\vlc
2015-07-16 21:51 - 2014-10-02 23:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 21:50 - 2015-01-04 12:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:58 - 2014-08-25 21:31 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 20:58 - 2014-08-25 21:31 - 00003874 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 22:49 - 2014-08-26 16:22 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3768936031-2504658206-505645752-1004
2015-07-14 22:01 - 2014-08-25 22:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 20:56 - 2014-08-25 21:29 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 19:49 - 2014-08-26 16:40 - 00000000 ____D C:\Users\mtarw_000\AppData\Local\TSVNCache
2015-07-13 19:49 - 2014-08-26 16:18 - 00000000 ___DO C:\Users\mtarw_000\OneDrive
2015-07-09 20:23 - 2014-11-28 05:22 - 00000000 ____D C:\Users\king_abdel\.VirtualBox
2015-07-05 12:08 - 2014-10-05 04:37 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2014-08-28 18:24 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 20:45 - 2014-10-02 23:21 - 00000000 ____D C:\Users\king_abdel\AppData\Local\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-21 03:02 - 2014-05-21 03:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\mtarw_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4z6er7.dll
C:\Users\mtarw_000\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mtarw_000\AppData\Local\Temp\npp.6.7.7.Installer.exe
C:\Users\mtarw_000\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\king_abdel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhtym3.dll
C:\Users\king_abdel\AppData\Local\Temp\Quarantine.exe
C:\Users\king_abdel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-25 05:07

==================== Ende von log ============================

Addition.txt

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-07-2015
durchgeführt von king_abdel an 2015-07-28 00:28:51
Gestartet von C:\Users\king_abdel\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3768936031-2504658206-505645752-500 - Administrator - Disabled)
Gast (S-1-5-21-3768936031-2504658206-505645752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3768936031-2504658206-505645752-1003 - Limited - Enabled)
mtarw_000 (S-1-5-21-3768936031-2504658206-505645752-1004 - Limited - Enabled) => C:\Users\mtarw_000
king_abdel (S-1-5-21-3768936031-2504658206-505645752-1001 - Administrator - Enabled) => C:\Users\king_abdel

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E6ACD66-B207-217A-4D56-070D89395CED}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apache Tomcat 8.0 Tomcat8 (remove only) (HKLM\...\Apache Tomcat 8.0 Tomcat8) (Version: 8.0.23 - )
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.1 - Synaptics Incorporated)
Dropbox (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Free ISO Mount (HKLM-x32\...\FreeISOMount) (Version: 1.0 - Media Freeware)
Free ISO Mount Packages (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Free ISO Mount Packages) (Version:  - ) <==== ATTENTION
Geany 1.24 (HKLM-x32\...\Geany) (Version: 1.24 - The Geany developer team)
Git version 1.9.4-preview20140815 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140815 - The Git Development Community)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version:  - )
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0-1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 39.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 fr)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905-1) (Version: 8.0.2 - NetBeans.org)
Node.js (HKLM\...\{A744EE31-693F-43F2-AF73-A093264A9E1B}) (Version: 0.10.31 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname)
OpenVPN 2.3.4-I003  (HKLM\...\OpenVPN) (Version: 2.3.4-I003 - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
OWASP ZAP 2.3.1 (HKLM-x32\...\OWASP ZAP_is1) (Version:  - psiinon@gmail.com)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Python 3.4.1 (64-bit) (HKLM\...\{d54842cb-f761-30ba-881f-1ff821dc44df}) (Version: 3.4.1150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Viber (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\XBMC) (Version:  - Team XBMC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3768936031-2504658206-505645752-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

30-06-2015 23:10:52 Windows Update
09-07-2015 19:25:51 Windows Update
14-07-2015 21:57:45 Windows Update
18-07-2015 03:19:51 Windows Update
21-07-2015 20:55:48 Windows Update
25-07-2015 02:32:16 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2015-01-06 01:49 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {17102473-B74B-4B4E-A126-F73EDC262821} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {1FD626BC-252C-4A0D-8DE8-1B5290333DE7} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {355B64CC-8C52-44A4-AC7C-F3ADD007F5E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-25] (Google Inc.)
Task: {3E560A1F-B62E-4FF7-BCD2-88F58F1A8658} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {431E5CD3-E75D-4C3B-833E-D5BC09616996} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-05-20] (Maxthon International ltd.)
Task: {4D755DB7-D9B3-4B27-83A8-69F741CFC393} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3768936031-2504658206-505645752-1001
Task: {6948BB2D-A392-4975-9517-AB9579834FB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-25] (Google Inc.)
Task: {6FB40BCD-24CE-4F96-92D9-14922831131B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {836AA0F6-0B64-45F7-AAE2-FA7EA48CF79D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {8FC35637-866E-47DC-9B65-3C4AFA6729B9} - System32\Tasks\MsgUpdateCheck (de5e9f60-5adf-404f-9048-3ab8bfd91685) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-09-30] (MarkedUp Inc)
Task: {B869B196-539C-474A-8FF5-0CA4321F7C72} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BEE2A894-CD37-4D02-8D22-0516FC1338F5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {CB41B8CC-ED7E-4710-876E-B0F9E4DD4DE4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA => C:\Users\king_abdel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {CEF0830B-EBEC-4E37-8B47-C62E0E9B37E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D91C1333-D318-405A-BF3A-8A9072DF9062} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core => C:\Users\king_abdel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {DB81542F-5D89-4D6D-8F7E-60B8872CE796} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {EBF6A61F-73D1-4035-8A36-345C6E40B885} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {FA33A354-D172-4DDD-810D-A4A48C198F61} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001Core.job => C:\Users\king_abdel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3768936031-2504658206-505645752-1001UA.job => C:\Users\king_abdel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-01-10 14:53 - 2014-01-10 14:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 14:53 - 2014-01-10 14:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 14:53 - 2014-01-10 14:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-10 15:24 - 2014-01-10 15:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-10 15:24 - 2014-01-10 15:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-08-10 16:10 - 2014-08-10 16:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-07-04 14:13 - 2015-07-04 14:13 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-02-06 18:40 - 2015-02-06 18:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-05-21 03:35 - 2013-12-18 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-28 00:21 - 2015-07-28 00:21 - 00043008 _____ () c:\users\king_abdel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhtym3.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-05-28 23:40 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\mtarw_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\king_abdel\OneDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3768936031-2504658206-505645752-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\king_abdel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-3768936031-2504658206-505645752-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2283E2F4E81ADB9952112222682465FA"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FB484846-4667-4775-B22A-43F48DCAEFB3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{812EEDC2-9D94-4D5B-A522-2E47F5180B3B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4E832A8B-CA93-440C-B1F8-C5981521F429}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B32975EA-9BCA-470D-A1BF-134417D0F210}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{176F2551-6B70-4567-88A3-4A482D702CD7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{E6A05620-028D-43AD-B10D-C7710471C3FC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{24AFF077-B1B9-481E-B443-EAF787C837FB}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{211955A1-EEA5-424F-A424-FE3A21C3A86E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{DCE08C6B-7342-46DD-88A6-7EFFD60D4794}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{290FF34C-D5A2-4C49-B841-143C4AAEAD88}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D5AA5157-D810-402A-9C44-A9AC01D85BF4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [TCP Query User{DA26D4CF-1D0B-4BD8-8468-2FBEC0F468D0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8711C3A4-E48C-4C40-A9BD-A09EA90FEE8E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0A38073C-2465-4F48-9CC6-06F877498888}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{22F9C638-9217-48A7-B626-1CD23839DFD4}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5DD1B99B-20AA-4270-B733-5C25E12DF9D0}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{0ECD5E1C-DD6C-4FCB-B40F-FCB856D51E2F}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{E9B105CD-80D7-44D7-B7F6-566E1D38688B}] => (Block) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{346B80C9-CBA4-4C45-A98C-101C022AFC57}] => (Block) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{3D9087DC-35E1-4060-98DE-FABB9705C3D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F297447A-6C45-4A6A-B4F6-85C1D5774DD7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{820A5363-9DD2-4B4F-91F7-7C80A5AFA755}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4E357C61-3420-455E-B1F8-67D3F128D4C5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{558CBC9C-7703-4908-B38C-EDDBA06A94CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox31\firefox.exe
FirewallRules: [TCP Query User{71E51357-F903-4357-A4A6-4456E1FF3252}C:\users\king_abdel\downloads\utorrent.exe] => (Block) C:\users\king_abdel\downloads\utorrent.exe
FirewallRules: [UDP Query User{C2B62B7F-A967-4221-A33A-93A3C7A11FF7}C:\users\king_abdel\downloads\utorrent.exe] => (Block) C:\users\king_abdel\downloads\utorrent.exe
FirewallRules: [{D3D86DEE-DCF9-4219-B04C-D68B73CCC09E}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9657F7B0-DAED-46F1-B839-4DFF264723AC}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{27B54C99-2CA2-48A6-A973-4C7C4A3AA69A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{382DBB8E-A45A-480D-9C3D-9700E80B3253}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0F2C8A3A-D47D-4A94-B6AB-D2C97AC22A29}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{754E2A5C-7072-4EFE-B1CA-A1961847EAA2}] => (Allow) C:\Users\mtarw_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3BFAE97-ACC0-4F1E-AB0F-9683AAF6F60A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9CB9D7F7-410B-4131-BF95-6FE92CF9CEDB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C5A0BD68-C9FA-4624-BB5B-4C84D27A2429}] => (Allow) C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E92E02CC-E3EE-4246-A84E-F4B4FCB4832F}] => (Allow) C:\Users\king_abdel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{F362A64D-6C4A-4912-AEE0-4B4F2E27AC7A}C:\users\king_abdel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\king_abdel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E61B6F9D-21ED-44F4-B697-EC113B493C0E}C:\users\king_abdel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\king_abdel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{685F1E83-0032-4299-98B1-C13C6C6EC32A}C:\users\king_abdel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\king_abdel\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D50D0216-AA2D-410B-9F62-AED6CCA35FEB}C:\users\king_abdel\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\king_abdel\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E510C98A-8789-4B50-A894-BA6037AD2904}] => (Block) C:\users\king_abdel\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{3B5EDA79-494F-4C3F-8A68-9082ABE0D5C8}] => (Block) C:\users\king_abdel\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{88CB4CC6-3248-4E0D-B90D-9A30DE1D6EF8}C:\users\king_abdel\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\king_abdel\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{D8E28A2E-EE9E-437F-9684-15B92C2279BD}C:\users\king_abdel\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\king_abdel\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [TCP Query User{72C1C88B-7502-49BA-8BF1-984B37A7D426}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{A9F978FD-FF0F-4CB6-ACC2-6F6A31843D0C}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{AF5F472D-FCCC-490B-82A9-7A781EE44415}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{37191894-692D-4FF9-A98C-54041BEED491}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{0B548A8E-DA8D-4C02-AD4C-F224437AC6DC}C:\users\king_abdel\documents\eclipse\eclipse.exe] => (Allow) C:\users\king_abdel\documents\eclipse\eclipse.exe
FirewallRules: [UDP Query User{997E3413-0837-4228-B61F-FF225A54752A}C:\users\king_abdel\documents\eclipse\eclipse.exe] => (Allow) C:\users\king_abdel\documents\eclipse\eclipse.exe
FirewallRules: [{4644000F-A35A-408F-9AEA-9B29B1F2BFC3}] => (Block) C:\users\king_abdel\documents\eclipse\eclipse.exe
FirewallRules: [{F3EFD017-A901-497A-8A79-9AB1970223A5}] => (Block) C:\users\king_abdel\documents\eclipse\eclipse.exe
FirewallRules: [TCP Query User{94EAE1F5-9836-400C-A455-9586166BCCC5}C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe] => (Allow) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [UDP Query User{C7E64E8C-D270-43B4-A8B9-540AEE1BCD75}C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe] => (Allow) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [{3065D80C-2A2F-4B42-8CF6-C17688B6D002}] => (Block) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [{181652EE-E390-4641-B496-BD7F31D1607A}] => (Block) C:\program files\apache software foundation\tomcat 8.0\bin\tomcat8.exe
FirewallRules: [TCP Query User{D0F10B75-42D2-4925-8B38-C4DC39FDD5B3}C:\users\king_abdel\desktop\eclipse\eclipse.exe] => (Allow) C:\users\king_abdel\desktop\eclipse\eclipse.exe
FirewallRules: [UDP Query User{17637592-163D-43D8-8D05-97F2EA5E730B}C:\users\king_abdel\desktop\eclipse\eclipse.exe] => (Allow) C:\users\king_abdel\desktop\eclipse\eclipse.exe
FirewallRules: [{2A9F3ED4-B662-4D43-BCC1-2B9C62397622}] => (Block) C:\users\king_abdel\desktop\eclipse\eclipse.exe
FirewallRules: [{F9E6A70A-0F1F-4716-8881-7C83C8F27148}] => (Block) C:\users\king_abdel\desktop\eclipse\eclipse.exe
FirewallRules: [TCP Query User{75DF3A44-16DA-40CB-AE0A-49F1E4BB15FE}C:\users\king_abdel\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe] => (Allow) C:\users\king_abdel\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [UDP Query User{01C99B2E-92DB-431A-9FD6-F1F501DBD90C}C:\users\king_abdel\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe] => (Allow) C:\users\king_abdel\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [{B53D8D4A-5BD0-456C-B003-A84FFB31366F}] => (Block) C:\users\king_abdel\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [{5E8DB17A-E215-4722-91D3-A59719350C0C}] => (Block) C:\users\king_abdel\documents\webgoat\webgoat-5.4-owasp_standard_win32\webgoat-5.4\java\bin\java.exe
FirewallRules: [{E09908CE-2170-4443-9CD2-C78CB2893692}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E99CE952-83B0-4FAB-A995-CD644211C39D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC8C88FB-61F4-437D-B15F-B8930DA07A7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/26/2015 11:06:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/25/2015 06:39:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12e0

Startzeit: 01d0c6843c82a3bb

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 074749ed-3287-11e5-82a3-a088695c4f35

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/25/2015 06:21:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 162c

Startzeit: 01d0c68d4c878ac0

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\backgroundTaskHost.exe

Berichts-ID: 927eb5c1-3284-11e5-82a3-a088695c4f35

Vollständiger Name des fehlerhaften Pakets: 65224AljazeeraMediaNetwor.3016831463E98_2.0.0.2_x64__tnpp68nm81ev6

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/25/2015 05:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 39.0.0.5659, Zeitstempel: 0x55934d06
Name des fehlerhaften Moduls: mozalloc.dll, Version: 39.0.0.5659, Zeitstempel: 0x55933a83
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc2c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (07/25/2015 04:47:12 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (07/25/2015 02:38:52 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/24/2015 03:52:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1750

Startzeit: 01d0c59a489a23a3

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\backgroundTaskHost.exe

Berichts-ID: aefa2cb1-31a6-11e5-82a2-ecf4bb9da6d0

Vollständiger Name des fehlerhaften Pakets: 10631PaolosAdventures.559711D6C5976_1.0.0.43_neutral__ntpp077zx3tm0

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/20/2015 12:53:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 44c

Startzeit: 01d0c270adce08d7

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: efbea873-2e68-11e5-82a2-ecf4bb9da6d0

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/17/2015 02:36:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c80

Startzeit: 01d0c00f8594541a

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\backgroundTaskHost.exe

Berichts-ID: eca49d5a-2c1b-11e5-82a2-a088695c4f31

Vollständiger Name des fehlerhaften Pakets: 65224AljazeeraMediaNetwor.3016831463E98_2.0.0.2_x64__tnpp68nm81ev6

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (07/16/2015 01:15:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TAHA-DELL)
Description: Bei der Aktivierung der App „10631PaolosAdventures.559711D6C5976_ntpp077zx3tm0!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (07/26/2015 11:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (07/26/2015 11:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (07/26/2015 11:05:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (07/26/2015 11:05:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Druckwarteschlange" wurde mit folgendem Fehler beendet: 
%%2147944103

Error: (07/26/2015 11:05:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware NAT Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/26/2015 11:05:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dell Data Vault" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================

CodeIntegrity Fehler:
===================================
  Date: 2015-07-25 05:08:29.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-25 05:08:29.440
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 21:39:14.352
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 21:39:14.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-27 03:52:51.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-27 03:52:51.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-21 20:13:36.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-21 20:13:36.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-07 17:17:28.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-07 17:17:28.185
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 14%
Total physical RAM: 16264.96 MB
Available physical RAM: 13922.87 MB
Total Virtual: 18696.96 MB
Available Virtual: 15917.35 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:219.83 GB) (Free:44.93 GB) NTFS
Drive d: (Studium) (Fixed) (Total:200.02 GB) (Free:172.94 GB) NTFS
Drive e: (Professionnel und Bücher) (Fixed) (Total:300.01 GB) (Free:276.73 GB) NTFS
Drive f: (Kultur und Entertainement) (Fixed) (Total:200 GB) (Free:151.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5FDB29C2)

Partition: GPT Partition Type.

==================== Ende von log ============================

Edited by king_abdel, 27 July 2015 - 06:01 PM.


#5 Machiavelli

Posted 28 July 2015 - 05:16 AM

Hello,
 

Then I started "Malwarebytes Anti-Malware" (as advised in the forum), which found much malware and cleaned it up.

  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs

  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export button - select in the menu Text File (.txt)

  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 Machiavelli

Posted 01 August 2015 - 07:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
