PDA

View Full Version : Please help. I think my pc is hijacked and have no longer control



dauphin
2016-06-28, 14:28
Opening yahoo.com I will be redirected, setting firefox as standard browser is impossible, on facebook or other sites i have endless rings or links, typing in skype is as first some is reading, than it appears, outlook is unable to show html-mails anylonger, the pc is really slow and so on. I do not feel secure anymore using this pc. Please help. Thanks a lot.

p.s.: logs are attached

Juliet
2016-06-29, 01:19
Let's try to run a couple of tools.

The files you posted only worked for one of the txt files I need.


Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.

* If you already have Malwarebytes Anti-Malware just continue and open the Dashboard

~~~~~~~~~~~~~~~`
On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.



~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




======================================================



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~
please post
Malwarebytes Anti-Malware
AdwCleaner[C1].txt
JRT.txt

Can you post these as a txt from notepad instead of zipping and attach.

dauphin
2016-06-30, 13:28
[QUOTE=Juliet;471113]Let's try to run a couple of tools.

Hi Juliet. Thanks so much for help. I have done as you asked me, files are attached. Malwarebytes and AdwCleaner found nothing, JRT had two findings, but the problems still remain.
Please tell me what we have to do now.

Attaching mbam-log i got the error message invalide file typ (xml)

Thanks
dauphin

Juliet
2016-06-30, 15:27
Please remove any usb or external drives from the computer before you run this scan!


Please download RogueKiller and save it to your desktop.

You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.


~~~~~~~~~~~~~~~`

I want you to look for and delete the previous version of Farbar Recovery Scan Tool and Addition.txt.
I'd like to see a fresh copy used. Also, can you copy and paste the results in instead of attaching?
I know logs can be long but you can add them in using multiple post if needed.

http://i.imgur.com/xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.



~~~~~~~~~~~~~

Please post these 3 logs.

dauphin
2016-06-30, 17:01
Dear Juliet,

I've done as you told me. Hereby the

addition.txt, the FRST.txt and the RogueKiller report.

Hope it helps and you will tell me the next steps.

Thanks so much
dauphin

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Frithjof (2016-06-30 15:36:17)
Running from C:\Users\Frithjof\Desktop
Windows 10 Pro Version 1511 (X64) (2016-05-11 13:16:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1324307301-759359316-4020353428-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1324307301-759359316-4020353428-503 - Limited - Disabled)
Frithjof (S-1-5-21-1324307301-759359316-4020353428-1000 - Administrator - Enabled) => C:\Users\Frithjof
Guest (S-1-5-21-1324307301-759359316-4020353428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1324307301-759359316-4020353428-1013 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Spybot - Search and Destroy (Enabled - Up to date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AKVIS Magnifier (HKLM\...\{9FDD51C9-F7AA-40AF-A4FF-0500E45E4A06}) (Version: 8.0.1118.11451 - AKVIS)
AliG SIFD (HKLM-x32\...\com.aligmarketing.SIFD) (Version: 1.0.1 - Ali G. Marketing LLC)
AliG SIFD (x32 Version: 1.0.1 - Ali G. Marketing LLC) Hidden
Amazon Kindle (HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anime Studio Debut 11.1 (HKLM-x32\...\ASD1110_is1) (Version: 11.1 - Smith Micro Software, Inc.)
AnyMP4 Video Converter Ultimate 7.0.22 (HKLM-x32\...\{B77ACAAE-53EE-43c3-86F1-4AEA52F6CDD5}_is1) (Version: 7.0.22 - AnyMP4 Studio)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Atomic Email Hunter 11.0.0.200 (HKLM-x32\...\AtomicEmailHunter_is1) (Version: 11.0.0.200 - AtomPark Software Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.2.541 - Online Media Technologies Ltd.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Brackets (HKLM-x32\...\{63483A49-735F-4F9E-8E4C-30C29858CE60}) (Version: 1.2 - brackets.io)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Business Contact Manager für Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Cinderella2 2.6 (HKLM-x32\...\2385-9868-7018-1536) (Version: 2.6 - Cinderella)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Devart Code Compare 4.0.54 (HKLM\...\CodeCompare_is1) (Version: 4.0.54 - Devart)
Devart dbForge Studio for MySQL, v7.1 Express Edition (HKLM\...\DevartStudioMySqlExpess_is1) (Version: 7.1.13 - Devart)
Devart dbForge Studio for MySQL, v7.1 Trial Edition (HKLM\...\DevartStudioMySql_is1) (Version: 7.1.13 - Devart)
DIY DataRecovery MBRtool (HKLM-x32\...\MBRtool_is1) (Version: 2.3.200 - DIY DataRecovery.nl)
Dotfuscator Software Services - Community Edition - DEU (HKLM-x32\...\{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dropbox (HKLM-x32\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{AFA4B0BF-3289-495A-B949-BA91F39B1A44}) (Version: 11.1.21009.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
FileZilla Client 3.17.0 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0 - Tim Kosse)
FlowHeater® 3.5.0 (HKLM-x32\...\{9188DFFD-F673-40D1-A743-1AFCB6DC1E46}_is1) (Version: - FlowHeater GmbH)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Monitor for Google 2.5 (HKLM-x32\...\Free Monitor for Google_is1) (Version: - CleverStat)
Free Video to JPG Converter version 5.0.47.906 (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.47.906 - DVDVideoSoft Ltd.)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free YouTube Download version 3.2.44.908 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.)
FreeEmailExtractor (HKLM-x32\...\{D4BE871D-C460-4D47-A857-FE06393EA7B2}) (Version: 1.0.0 - ChinaCompanyDatabase)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline)
GoToMeeting Outlook Calendar Plug-in (HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\74BCB683C409F719EAB31FBFCB139767D04815FF) (Version: 3.2.95.0 - Citrix Online)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version: - Ansgar Becker)
HeidiSQL 8.0.0.4538 (HKLM-x32\...\HeidiSQL_is1) (Version: 8.0 - Ansgar Becker)
High-Definition Video Playback (x32 Version: 11.0.12200.1.158 - Nero AG) Hidden
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.1.10.373 - SurfRight B.V.)
Hotfix für Microsoft Team Foundation Server 2010-Objektmodell - DEU (KB2736182) (HKLM-x32\...\{A1F50E06-E514-393D-AAEB-2F989F0B7C68}.KB2736182) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Team Foundation Server 2010-Objektmodell - DEU (KB2890573) (HKLM-x32\...\{A1F50E06-E514-393D-AAEB-2F989F0B7C68}.KB2890573) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2529927) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2529927) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2548139) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2548139) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2549864) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2549864) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2615527) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2615527) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2635973) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2635973) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2736182) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2736182) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2890573) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2890573) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB3002340) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB3002340) (Version: 1 - Microsoft Corporation)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{DAE3B13B-5097-4EAE-BC26-C463377BD80E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I Can Animate 2 (HKLM-x32\...\{BF21DC31-3AA2-4CAC-8C7A-AA6CAFCAB35F}) (Version: 2.18.0.168 - Kudlian Software)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
IP Subnet Calculator (HKLM-x32\...\{AB1A6F99-6394-4CB8-989F-EA4E4D80520C}) (Version: 0.9.83 - Tim Hildering)
iSkysoft iMedia Converter Deluxe(Build 5.8.0.1) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 5.8.0.1 - iSkysoft Software)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
iTwin 3.8 Final (HKLM-x32\...\iTwin_is1) (Version: 3.8 Final - Stefan Moka)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kodu Game Lab (HKLM-x32\...\{7DE737B3-B287-4107-8D41-B10E039991CC}) (Version: 1.2.88 - Microsoft Research)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.37 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.37 - Alliance Software Pty Ltd) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - DEU (HKLM-x32\...\{07AC2D83-E795-4AD5-970D-B9BD14A1E411}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM-x32\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu (HKLM-x32\...\{742D41A9-B3BF-3A65-806E-F8372FB3E492}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{B006B9E9-41DD-4479-9177-3743A53B7735}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20621.0) (Version: 4.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{0536BCDF-7EF6-48F6-8765-A3C065A065A5}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F21D2032-60FE-4729-9C87-46F1615FB965}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20705.0) (Version: 4.0.20705.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Project Professional 2016 - de-de (HKLM\...\ProjectProRetail - de-de) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable - Language Pack - deu (HKLM-x32\...\{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 4 Toolkit April 2010 (HKLM-x32\...\{2DDCCEA5-2AA4-4ABB-BCAD-41BB115A4333}) (Version: 4.0.40413.2020 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Silverlight 5 Toolkit December 2011 (HKLM-x32\...\{EC35EE8E-87D1-4E3E-B5CC-D8B1544615F5}) (Version: 5.0.51209.1124 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Policies (HKLM-x32\...\{695E67B6-8B95-4160-9650-92974980CDC1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (HKLM-x32\...\{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}) (Version: 10.50.1752.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{919E5477-D20B-4F64-AE8B-8199469F7817}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (HKLM-x32\...\{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch) (HKLM-x32\...\{0DD2DCC6-21AE-4678-8629-1084B17BE077}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (HKLM-x32\...\{F6F1EE45-97E9-48A3-94B2-044B0A3C08D3}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (HKLM-x32\...\{CEEDB2C4-46BE-4340-BAB9-F30110D9BBB8}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{0D432429-C79C-462D-ABD8-4D82B83A954B}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\4415f693b586d348) (Version: 16.0.1299.5 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - DEU (HKLM-x32\...\{86756584-C41A-4CA3-B42D-4768C7720F56}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movavi Screen Capture Studio 5 (HKLM-x32\...\Movavi Screen Capture Studio 5) (Version: 5.1.0 - MOVAVI)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
MySQL Fabric 1.5.6 & MySQL Utilities 1.5.6 (HKLM-x32\...\{C914EB85-F0E6-4150-9FA0-99B716A15EAF}) (Version: 1.5.6 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Nero 11 (HKLM-x32\...\{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}) (Version: 11.0.10100 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Graphics Driver 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
onl!ne email grabber professional 2.2.0 (HKLM-x32\...\email grabber_is1) (Version: 2.2.0.0 - Sven Bader - Design & Software)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
Paragon Partition Manager™ 12 Professional (HKLM-x32\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{710F7B0F-A679-4314-8E69-E868B660FAEA}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 3.3.1 (HKLM-x32\...\qBittorrent) (Version: 3.3.1 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RazorSQL 6.4.8 (HKLM\...\RazorSQL_is1) (Version: 6.4.8 - Richardson Software, LLC)
Readiris Pro 14 (HKLM-x32\...\{038CE681-B496-4ACA-90A7-BE78EF30A076}) (Version: 14.00.3841 - I.R.I.S.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
RMPrepUSB (HKLM-x32\...\RMPrepUSB) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Sicherheitsupdate für Microsoft Visual Studio 2010 Ultimate - DEU (KB2645410) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2645410) (Version: 1 - Microsoft Corporation)
Silverlight Controls Browser (HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\3163075259.www.silverlight.net) (Version: - www.silverlight.net)
SkyHistory 1.2.3 (HKLM-x32\...\{B03A7F40-A817-4c68-9954-2B2223BE91AA}_is1) (Version: - Scand LLC)
Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Social Interest Freak Version 2.0 (HKLM-x32\...\{D561CA58-31CE-49C8-894B-5774E2EA1C69}_is1) (Version: 2.0 - www.social-interest-freak.com)
Social Lead Freak Version 4.0.2 (HKLM-x32\...\{BB7B4E7D-6C6D-4302-A297-C015F6D661AC}_is1) (Version: 4.0.2 - SocialLeadFreak.NET)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StarMoney (x32 Version: 3.0.3.21 - StarFinanz) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.4 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.12.64 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
USB/DVD-Downloadtool für Windows 7 (HKLM-x32\...\{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}) (Version: 1.0.30 - Microsoft Corporation)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
welcome (x32 Version: 11.0.20000.0.0 - Nero AG) Hidden
Wichtiges Update für Microsoft Visual Studio 2010 Ultimate - DEU (KB2938807) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2938807) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
Wireshark 1.6.5 (HKLM-x32\...\Wireshark) (Version: 1.6.5 - The Wireshark developer community, hxxp://www.wireshark.org)
WISO EÜR & Kasse 2014 (HKLM-x32\...\{50320153-AE64-4CBB-B5FC-73C5C22B545D}) (Version: 21.08.8679 - Buhl Data Service GmbH)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.14-4 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1324307301-759359316-4020353428-1000_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Frithjof\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1324307301-759359316-4020353428-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1324307301-759359316-4020353428-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Frithjof\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1324307301-759359316-4020353428-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1324307301-759359316-4020353428-1000_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Frithjof\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1324307301-759359316-4020353428-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Frithjof\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028136BC-CC18-4B1E-AB12-0CCDF01FD3DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {0E54B70A-72D5-4895-BAEB-EEC3A9254D69} - \{C324077E-E3A0-4BEE-822C-B7C7A9DD550E} -> No File <==== ATTENTION
Task: {120126EA-8369-4B3E-88B4-8B0D869DB2D1} - \G2MUpdateTask-S-1-5-21-1324307301-759359316-4020353428-1000 -> No File <==== ATTENTION
Task: {1AB12998-945B-49A8-AB0F-69DCB4B881E7} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {1BE08D50-F05E-44FE-8804-CC48C861B9C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {1C67BEFA-7AAA-4CA4-BA75-F9EA97541BCE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {1CCE14E9-61A7-4EF6-8D0A-C3E9467FB995} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {1E172C87-989A-46F5-A3E7-856463C97478} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {23381648-87AF-4E9C-AB97-1700F8E59F37} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {26F53C62-445E-4D9A-8DE3-A42DE6269C95} - \SUPERAntiSpyware Scheduled Task 8d0590c2-ae5f-4aef-be2d-16065f46532b -> No File <==== ATTENTION
Task: {279A2790-CA57-459A-9B28-4713BEBE3E08} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2860C9C4-6BC1-4B51-A30A-BD9DC6312132} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {2ABA8D1D-92A7-47E3-8773-DE6B52B48BDF} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2EE9B7F3-FA3A-4CFE-ABE5-C9242A8F1923} - \HPCustParticipation HP Officejet Pro 8610 -> No File <==== ATTENTION
Task: {38D0786C-6387-4787-B894-7E7D9527FDE8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {39F47064-62B1-4457-B43A-A10D52E9F3D2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3A4971E5-F6C3-4CBA-88DE-3F42DEF05DC2} - \{8A7D90B1-09CD-4C82-99D5-54C8078B0E82} -> No File <==== ATTENTION
Task: {4371DCE8-23E8-472A-B4FD-7E95E7BA6E24} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {457D09BE-AC78-45E6-B386-4C9DA8DC5B64} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5B5067D4-1D4E-4539-9248-B632A932151E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {65B93B91-29D3-4890-A464-316B5468B31C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {6755F956-A8ED-4ADB-B4B7-849D18DB4DCA} - System32\Tasks\AdobeAAMUpdater-1.0-Frithjof-PC-Frithjof => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-03-22] (Adobe Systems Incorporated)
Task: {6862A10C-0843-4C06-B86D-380440F22CD1} - \Microsoft_MKC_Logon_Task_ipoint.exe -> No File <==== ATTENTION
Task: {73B6390C-1FBF-43D7-8649-425735D100A9} - \{E2E39917-7B53-4470-897C-3E8EBCE124E6} -> No File <==== ATTENTION
Task: {75D83B25-3B1F-45EC-AA1C-B61BA40917D0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-04-18] (Bitdefender)
Task: {78700C8A-FDFC-4097-AC6B-A4BFAE3A39B5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7FADCE39-15EC-4F4F-B94C-DF313E0C1910} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {88AED461-B2A0-44D8-B15E-F7026FC698F2} - \Java Platform SE Auto Updater -> No File <==== ATTENTION
Task: {8C247B5C-2AF3-47ED-8E25-A875DB3C0516} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {93598228-D60D-42AB-9D65-A99EF86079FE} - \{9CA7D29C-249C-4CD2-989F-C0417082083D} -> No File <==== ATTENTION
Task: {A239356A-C82B-408B-8B73-4114EFCCD185} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A2B5095A-9A57-4405-BD99-B5BF4D68ACC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {A2D33363-CDF5-4BF2-88E3-AA1549A108FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {A4E00632-5E5F-4E60-B9B0-BAE099446467} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A69314E2-611C-43EC-9EDF-E2DE106CA7E2} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {AAC5EBDB-ED17-42AC-A0D9-89822F934272} - \WebReg Officejet 6500 E709a Series -> No File <==== ATTENTION
Task: {AFD6AFA7-BF18-40F9-8222-195BD3D929AE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B09FDB7E-32C6-4F3F-9599-E76B4580AF74} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B787BA2A-6F83-4464-86DC-E84284980B30} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {BA973BFA-4867-49C8-8FB8-53F0E5A8B8B4} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE52805A-EBAA-43B9-976B-5BCB67ED2921} - \G2MUploadTask-S-1-5-21-1324307301-759359316-4020353428-1000 -> No File <==== ATTENTION
Task: {C2CEF3AC-81A8-4341-AF5D-F38E5D50857D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {C35BD123-6FC2-4567-998E-BBDB982B2027} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {C6184A14-AA18-403D-A1DC-A730A0173FD2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {CB71A058-ABDB-4F45-8201-C02B7052A1CB} - \SUPERAntiSpyware Scheduled Task 504be6ac-4f4e-4e4c-bbd2-771cbd7824f9 -> No File <==== ATTENTION
Task: {CD630095-97A5-4991-92E0-88E2FFD62DA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {D2092D79-28AE-4C52-B039-E59AEA8EC3DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D9329535-94CE-4F48-9F7F-A6D0A6DFACBF} - \Microsoft_MKC_Logon_Task_itype.exe -> No File <==== ATTENTION
Task: {DDC977ED-9853-40AC-9C05-8A5EFBBCE651} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {DE04F873-BA91-41DE-B2BA-1A399D6685FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E252CF8C-56AD-41CF-A395-8C291CC907FB} - \{3D9D960B-DB71-42A9-BE0D-7DD16AB608ED} -> No File <==== ATTENTION
Task: {EED1FFD7-54AE-4D81-91D9-5CBF9228B5FD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F0ABBF2C-9B67-4C22-B4E4-E002F55C86A6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {F6BE6C0D-5958-4DFB-BCE1-E4E2F795BDA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-10] (Microsoft Corporation)
Task: {FAF5ED7B-589E-46C5-88E4-B7C7A723EABE} - \{BC4DAC18-9546-4621-93ED-A2AE9200F9D7} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1324307301-759359316-4020353428-1000.job => C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1324307301-759359316-4020353428-1000.job => C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Frithjof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Silverlight Controls Browser.lnk -> C:\Users\Frithjof\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\3163075259.www.silverlight.net\3163075259.www.silverlight.net.ico () -> 3163075259.www.silverlight.net

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:17 - 2015-10-30 09:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-11 14:45 - 2015-07-13 19:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-26 10:38 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2016-05-11 14:45 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-11 16:22 - 2016-05-11 16:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-12 00:39 - 2016-05-12 00:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-03-30 14:41 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2012-02-02 18:11 - 2012-01-09 20:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2016-05-25 14:36 - 2016-05-25 14:36 - 00959168 _____ () C:\Users\Frithjof\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-21 23:38 - 2016-02-21 23:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-02-13 14:54 - 2016-02-13 14:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 11:37 - 2010-11-30 11:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2011-02-22 20:22 - 2011-02-22 20:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2016-06-10 17:22 - 2016-06-10 17:22 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-06-03 08:23 - 2016-06-03 08:24 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-03 08:23 - 2016-06-03 08:24 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 08:23 - 2016-06-03 08:24 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-05-11 16:03 - 2016-05-11 16:03 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-28 08:17 - 2016-06-28 08:17 - 03790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-05-11 16:02 - 2016-05-11 16:03 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-15 13:57 - 2016-05-28 05:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 13:57 - 2016-05-28 05:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 13:57 - 2016-05-28 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 13:57 - 2016-05-28 05:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-17 08:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-17 08:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-17 08:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-17 08:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-05-11 16:22 - 2016-05-11 16:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-11 16:22 - 2016-05-11 16:22 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-25 14:36 - 2016-05-25 14:36 - 00679624 _____ () C:\Users\Frithjof\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-30 13:24 - 2016-06-30 13:24 - 00098816 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32api.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00110080 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\pywintypes27.dll
2016-06-30 13:24 - 2016-06-30 13:24 - 00364544 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\pythoncom27.dll
2016-06-30 13:24 - 2016-06-30 13:24 - 00320512 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32com.shell.shell.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00776704 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_hashlib.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 01176576 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._core_.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00806400 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._gdi_.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00816128 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._windows_.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 01067008 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._controls_.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00733184 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._misc_.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00682496 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\pysqlite2._sqlite.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00088064 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_ctypes.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00119808 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32file.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00108544 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32security.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00007168 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\hashobjs_ext.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00017920 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\thumbnails_ext.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00088064 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\usb_ext.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00012288 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\common.time34.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00018432 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32event.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00167936 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32gui.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00046080 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_socket.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 01208320 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_ssl.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00128512 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_elementtree.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00127488 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\pyexpat.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00038912 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32inet.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00036864 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_psutil_windows.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00525208 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\windows._lib_cacheinvalidation.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00011264 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32crypt.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00077312 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._html2.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00027136 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_multiprocessing.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00020480 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\_yappi.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00035840 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32process.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00686080 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\unicodedata.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00078848 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._animate.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00123392 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\wx._wizard.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00024064 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32pipe.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00010240 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\select.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00025600 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32pdh.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00017408 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32profile.pyd
2016-06-30 13:24 - 2016-06-30 13:24 - 00022528 ____R () C:\Users\Frithjof\AppData\Local\Temp\_MEI83842\win32ts.pyd
2015-12-12 18:46 - 2016-05-25 19:03 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-24 20:31 - 2016-05-25 19:03 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-24 20:31 - 2016-05-25 19:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-24 20:31 - 2016-05-25 19:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-12 18:46 - 2016-05-25 19:03 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-12 18:46 - 2016-05-25 19:03 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-12 18:46 - 2016-06-13 22:13 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-24 20:31 - 2016-05-25 19:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-12 18:46 - 2016-06-13 22:13 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-12 18:46 - 2016-05-25 19:03 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 18:46 - 2016-05-25 19:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-12 18:46 - 2016-06-13 22:13 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-24 20:31 - 2016-05-25 19:05 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-11 13:12 - 2016-06-13 22:13 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-11 13:12 - 2016-06-13 22:13 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-11 13:12 - 2016-06-13 22:13 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-11 13:12 - 2016-06-13 22:13 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-11 13:12 - 2016-06-13 22:13 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-12-12 18:46 - 2016-05-25 19:03 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-24 20:31 - 2016-05-25 19:04 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-12 18:46 - 2016-06-13 22:13 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-11 13:12 - 2016-06-13 22:13 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-24 20:31 - 2016-05-25 19:05 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-24 20:31 - 2016-06-13 22:13 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-24 20:31 - 2016-03-12 02:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-24 20:31 - 2016-06-13 22:13 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-24 20:31 - 2016-06-13 22:13 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-12 18:46 - 2016-05-25 19:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-12 18:46 - 2016-05-25 19:05 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-15 04:48 - 2016-06-13 22:13 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-12 18:46 - 2016-06-13 22:13 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-24 20:31 - 2016-06-13 22:13 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-06-24 20:31 - 2016-05-25 19:07 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-06-24 20:31 - 2016-05-25 19:07 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-09-24 11:09 - 2016-05-25 19:09 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-03-30 14:42 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-03-30 14:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-06-13 14:59 - 2016-06-21 06:36 - 03540680 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-05-03 16:41 - 2016-05-03 16:41 - 05919416 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\AdobePDFMakerX.dll
2016-06-13 14:59 - 2016-06-10 10:05 - 01061576 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC [149]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\F-SecureOnlineScanner(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\F-SecureOnlineScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\OBS-Studio-0.14.2-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\wlsetup3528-all - Copy.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\wlsetup3528-all.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7906 more sites.

IE trusted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12723 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-06-28 11:46 - 00452848 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15538 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkyHistory.lnk => C:\Windows\pss\SkyHistory.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: GoToMeeting => "C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\3499\g2mstart.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: iTunesHelper =>
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: SkyDrive =>
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Smart File Advisor =>
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\StartupApproved\Run: => "PC Suite Tray"
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\StartupApproved\Run: => ""
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\StartupApproved\Run: => "GoToMeeting"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{7F28C188-97B5-4DDD-B8D4-1C6B9F813B02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{19E3E144-B1DE-4A3F-A4C5-BECB39B9F804}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB4ACB42-BA99-456E-B1AB-BF1C80DD2E1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DD6D7427-F53C-4956-83D3-BFE5C4385B80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BA37F7CB-21EF-43B3-B723-3636FC34223B}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Debut 11\Anime Studio Debut Win32.exe
FirewallRules: [{CA2DC5A4-FF75-49EB-9C80-FF267B228E9E}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Debut 11\Anime Studio Debut Win32.exe
FirewallRules: [{F804EF00-CE50-4E7F-95D8-8D252A2A2A44}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8FFE8562-19AE-407D-938A-CF422D30FB38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E15DFEEC-1B85-4C00-AD2B-318AB1F6DC07}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A4A76D03-3999-4832-9D56-96528B7C5AF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{921B51B4-0291-4528-BB37-0FD16DC76C75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1782CBA9-DF45-49AD-8606-E17A9106BF67}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{808F3DDF-2860-49C5-BAEE-BC416AB2F8C3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{DC550764-EF40-4D6E-84FE-10ACD93A894E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{BCBCCABF-ABF0-44CD-8006-AD611009E231}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
FirewallRules: [{049F5759-F626-4BE2-BF27-A9FFBF9AEE35}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe
FirewallRules: [{2DFA4A83-4990-4619-B57A-566C31635840}] => (Allow) C:\Users\Frithjof\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{B88383D8-EF6A-4E38-B4EA-9098C29F82A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1772CA1D-C390-464A-B67F-1869744ECAAC}] => (Allow) LPort=2799
FirewallRules: [{6D9B7413-C27D-4A7D-9371-BD95AB4C1DDD}] => (Allow) LPort=2799
FirewallRules: [UDP Query User{3E5F32B6-738C-4D52-A1B1-5D3A905C443A}C:\program files\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files\ws_ftp\ws_ftp95.exe
FirewallRules: [TCP Query User{2EE0C93F-5D6C-4FEC-88F1-27E93A9247D6}C:\program files\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files\ws_ftp\ws_ftp95.exe
FirewallRules: [UDP Query User{C44F7CBD-6A57-4ACB-9918-6C3A9D4D4C52}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{FF13BF6B-6365-4091-BF8F-AC4795399727}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C5E2C55D-BA2E-4276-AE7D-1F9070FBAF7F}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{A6F5F42E-0745-4242-A7F2-39E2CE316456}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F59244D-13A1-4228-844D-272E29F22737}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90F9063A-483F-419C-9917-F1C3A451063F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{59B90DD1-60EC-4D2E-8C8A-F6B8C6B99D48}] => (Allow) LPort=5357
FirewallRules: [{2CE7C249-525C-47A6-BF10-14CF66B9DD14}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{FB63F0C1-6460-41B6-9A6D-1393DE53DAE7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{032BBEEE-46E5-4337-ACD2-35F31CA1464F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{9F25EB73-592E-4E4E-A639-37AE065481E5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{F9C8E143-DB76-4BA4-8EFF-9D8FCB118735}] => (Allow) E:\FSetup.exe
FirewallRules: [{5A9DF125-1A0F-4C56-8BB6-CA2F9163503B}] => (Allow) E:\FSetup.exe
FirewallRules: [{5B8D652D-5FC7-4CB5-9ACC-96E1247510F1}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [UDP Query User{82649C25-B87D-4ED1-A083-C8547DE3F165}C:\users\frithjof\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\frithjof\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4FCC7F26-E88C-4D0F-8352-BB1BD64FC6F0}C:\users\frithjof\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\frithjof\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D21D6ABC-2EF2-42FD-A059-962A783937C3}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [UDP Query User{4365448D-2AC5-435E-99BB-123C7A550366}C:\users\frithjof\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\frithjof\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1687D7DE-1B67-45EF-91BE-1539812C3036}C:\users\frithjof\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\frithjof\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B500147C-4ECF-40B7-BDBF-3B1D49A2EE33}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [UDP Query User{37A331EC-810C-4BF5-A085-32D855EDE6D5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8D0CCE09-A0A8-47EB-9786-931BA469B0B4}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{447C4248-23D7-4EB6-AF14-4594D567023B}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [TCP Query User{EB5F6E92-1EBD-4D10-ACEF-C87D6D888AA3}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [{1D6ADE22-FDBE-44BB-AECA-0BC32751F2B8}] => (Allow) LPort=1900
FirewallRules: [{8573BA83-506D-4982-BEE6-BC3E3BE641B8}] => (Allow) LPort=2869
FirewallRules: [{1F289161-470B-4670-9A1F-7A29BF5C257F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E08BC338-8D4C-4047-BA89-C2C2018BE1D9}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{2CD79122-27B3-4C4A-838C-56ADCF1CAA19}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{EE44A943-D7A2-4CB3-B47E-F82A86032710}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{C14CADB5-353C-471B-A511-8FE0C976C54E}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{86107159-DBAA-4F35-BEFC-A0288DB6EBC0}] => (Allow) C:\Users\Frithjof\Desktop\Test\Adeep.SnifferExample.exe
FirewallRules: [{7505F25B-E4DE-4DA0-927A-F99DDE62F70B}] => (Allow) C:\Users\Frithjof\Desktop\Test\Adeep.SnifferExample.exe
FirewallRules: [{900DF17F-E781-43C8-96E8-7621F9EDE407}] => (Allow) C:\Users\Frithjof\Desktop\Test\Adeep.SnifferExample.exe
FirewallRules: [{BEFBBBBD-0601-42DE-9180-78AFFE72DE2F}] => (Allow) C:\Users\Frithjof\Desktop\Test\Adeep.SnifferExample.exe
FirewallRules: [UDP Query User{7CC033D4-3B8E-4F36-8A03-B1661EF7E418}C:\program files (x86)\nero\nero 11\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 11\nero backitup\backitup.exe
FirewallRules: [TCP Query User{3BC7419F-C0B0-464F-B4E6-ED307E726934}C:\program files (x86)\nero\nero 11\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 11\nero backitup\backitup.exe
FirewallRules: [{1466BCAB-104F-435C-83DE-70904C7311DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{995C4623-14C6-46F4-BBAF-50C443EAE521}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

27-06-2016 11:39:01 Windows Update
27-06-2016 11:39:26 Windows Update
30-06-2016 11:21:37 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2016 03:29:52 PM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar.

Möchten Sie im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (06/30/2016 03:28:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.6965.2058, time stamp: 0x575aa2b4
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000374
Fault offset: 0x000dc7c9
Faulting process id: 0x2928
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5

Error: (06/30/2016 01:44:24 PM) (Source: MsiInstaller) (EventID: 11921) (User: Frithjof-PC)
Description: Product: ESET Smart Security -- Fehler 1921. Dienst "ESET Service" (ekrn) konnte nicht beendet werden. Überprüfen Sie, ob Sie ausreichende Berechtigungen zum Beenden von Systemdiensten besitzen.

Error: (06/30/2016 01:40:20 PM) (Source: MsiInstaller) (EventID: 11921) (User: Frithjof-PC)
Description: Product: ESET Smart Security -- Fehler 1921. Dienst "ESET Service" (ekrn) konnte nicht beendet werden. Überprüfen Sie, ob Sie ausreichende Berechtigungen zum Beenden von Systemdiensten besitzen.

Error: (06/30/2016 01:34:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/30/2016 01:34:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/30/2016 01:34:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/30/2016 01:34:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/30/2016 01:34:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/30/2016 01:34:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


System errors:
=============
Error: (06/30/2016 03:06:36 PM) (Source: DCOM) (EventID: 10016) (User: Frithjof-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Frithjof-PCFrithjofS-1-5-21-1324307301-759359316-4020353428-1000LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795

Error: (06/30/2016 01:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (06/30/2016 01:31:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - Other hardware, Printer - Null Print - HP Officejet Pro 8610.

Error: (06/30/2016 01:31:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610.

Error: (06/30/2016 01:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (06/30/2016 01:23:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (06/30/2016 01:23:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (06/30/2016 01:23:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (06/30/2016 01:23:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_14fadc service to connect.

Error: (06/30/2016 01:23:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_14fadc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-06-22 17:32:26.379
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-06-22 17:32:26.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-06-22 17:28:42.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-06-22 17:28:42.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-06-22 08:38:36.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-18 02:00:10.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-15 18:11:45.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-15 17:56:36.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-14 16:03:42.722
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-06-14 16:03:42.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 31%
Total physical RAM: 16291.76 MB
Available physical RAM: 11102.41 MB
Total Virtual: 32675.76 MB
Available Virtual: 28631.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:67.3 GB) NTFS
Drive d: (TI30780700C) (Fixed) (Total:448.9 GB) (Free:277.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5773EF67)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: E7D2FA64)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=448.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=17)

==================== End of Addition.txt ============================




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by Frithjof (administrator) on FRITHJOF-PC (30-06-2016 15:35:38)
Running from C:\Users\Frithjof\Desktop
Loaded Profiles: Frithjof (Available Profiles: Frithjof & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Akamai Technologies, Inc.) C:\Users\Frithjof\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Frithjof\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\4670\g2mstart.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\4670\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\4670\g2mlauncher.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Farbar) C:\Users\Frithjof\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [561152 2011-04-20] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [967544 2011-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-11-27] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Frithjof\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [GoToMeeting] => C:\Users\Frithjof\AppData\Local\Citrix\GoToMeeting\4670\g2mstart.exe [41536 2016-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\Users\Frithjof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-06-29]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Frithjof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-12-13]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{10d67975-e819-46c2-902a-5b83894aabb1}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e4cb5a23-1a61-4855-9f55-91b9a9cfa4f0}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?PC=AV01
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/?PC=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1324307301-759359316-4020353428-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1324307301-759359316-4020353428-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1324307301-759359316-4020353428-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: WSISVCUchrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\Frithjof\AppData\Roaming\Mozilla\Firefox\Profiles\bw2m87oj.default-1466081700507
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-07-26] (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1324307301-759359316-4020353428-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Frithjof\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-1324307301-759359316-4020353428-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Frithjof\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin HKU\S-1-5-21-1324307301-759359316-4020353428-1000: SkypePlugin -> C:\Users\Frithjof\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1324307301-759359316-4020353428-1000: SkypePlugin64 -> C:\Users\Frithjof\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2015-12-04]
FF Extension: Bitdefender QuickScan - C:\Users\Frithjof\AppData\Roaming\Mozilla\Firefox\Profiles\bw2m87oj.default-1466081700507\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-06-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-07] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-07] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-01-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-03-03]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com => not found

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://pandasecurity.mystart.com/results.php?searchsource=omnibar&pr=vmn&id=pandasecuritytb&v=2_3&ent=ds_671&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR Profile: C:\Users\Frithjof\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Frithjof\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Frithjof\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Frithjof\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Frithjof\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Frithjof\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Frithjof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1324307301-759359316-4020353428-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Frithjof\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-05-06]
CHR HKU\S-1-5-21-1324307301-759359316-4020353428-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4397896 2016-06-15] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
S4 MSSQL$IPALIBI; C:\Program Files\Microsoft SQL Server\MSSQL10_50.IPALIBI\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [950200 2016-05-24] (Bitdefender)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S4 SQLAgent$IPALIBI; C:\Program Files\Microsoft SQL Server\MSSQL10_50.IPALIBI\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [480256 2011-04-20] (TOSHIBA Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 XS Stick Service; C:\Windows\service4g.exe [125200 2009-06-17] (4G Systems GmbH & Co. KG)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-09-21] (Qualcomm Atheros Communications, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [170280 2016-06-27] (ESET)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [175472 2016-06-15] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [80424 2016-06-15] (SurfRight B.V.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 15:35 - 2016-06-30 15:35 - 00036916 _____ C:\Users\Frithjof\Desktop\FRST.txt
2016-06-30 15:33 - 2016-06-30 15:34 - 02390016 _____ (Farbar) C:\Users\Frithjof\Desktop\FRST64(1).exe
2016-06-30 14:48 - 2016-06-30 14:48 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-06-30 14:46 - 2016-06-30 15:29 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-30 14:44 - 2016-06-30 14:46 - 24207432 _____ C:\Users\Frithjof\Desktop\RogueKillerX64.exe
2016-06-30 13:34 - 2016-06-30 13:34 - 00000000 ____D C:\Program Files (x86)\ESET
2016-06-30 13:27 - 2016-06-30 13:27 - 06995720 _____ (Piriform Ltd) C:\Users\Frithjof\Downloads\ccsetup519.exe
2016-06-30 11:20 - 2016-06-30 11:21 - 01610816 _____ (Malwarebytes) C:\Users\Frithjof\Downloads\JRT(1).exe
2016-06-29 08:15 - 2016-06-29 08:15 - 00000000 ___HD C:\OneDriveTemp
2016-06-28 19:42 - 2016-06-28 19:42 - 02444208 _____ C:\Users\Frithjof\Downloads\avira_pc_cleaner_de(1).exe
2016-06-28 14:01 - 2016-06-28 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-28 13:59 - 2016-06-28 14:22 - 00000000 ____D C:\Users\Frithjof\Desktop\mbar
2016-06-28 13:59 - 2016-06-28 13:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Frithjof\Downloads\mbar-1.09.3.1001.exe
2016-06-28 12:52 - 2016-06-28 12:52 - 05198336 _____ (AVAST Software) C:\Users\Frithjof\Downloads\aswMBR(1).exe
2016-06-28 12:41 - 2016-06-28 12:43 - 00105938 _____ C:\Users\Frithjof\Downloads\Addition.txt
2016-06-28 12:41 - 2016-06-28 12:43 - 00086835 _____ C:\Users\Frithjof\Downloads\FRST.txt
2016-06-28 12:40 - 2016-06-30 15:35 - 00000000 ____D C:\FRST
2016-06-28 12:38 - 2016-06-28 12:39 - 02389504 _____ (Farbar) C:\Users\Frithjof\Downloads\FRST64.exe
2016-06-28 12:38 - 2016-06-28 12:38 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-FRITHJOF-PC-Windows-10-Pro-(64-bit).dat
2016-06-28 12:26 - 2016-06-28 12:26 - 05523840 _____ (Tweaking.com) C:\Users\Frithjof\Downloads\tweaking.com_registry_backup_setup.exe
2016-06-28 12:26 - 2016-06-28 12:26 - 00018005 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-06-28 12:26 - 2016-06-28 12:26 - 00002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-06-28 12:26 - 2016-06-28 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-28 12:26 - 2016-06-28 12:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-28 11:48 - 2016-06-28 11:48 - 00000476 _____ C:\Users\Frithjof\Desktop\Microsoft Support and Recovery Assistant for Office 365.appref-ms
2016-06-28 11:48 - 2016-06-28 11:48 - 00000000 ____D C:\Users\Frithjof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2016-06-28 11:48 - 2016-06-28 11:48 - 00000000 ____D C:\Users\Frithjof\AppData\Local\SaRALogs
2016-06-28 11:47 - 2016-06-28 12:10 - 00000000 ____D C:\Users\Frithjof\AppData\Local\Deployment
2016-06-28 11:47 - 2016-06-28 11:47 - 00199880 _____ (Microsoft Corporation) C:\Users\Frithjof\Downloads\SetupOutlook.exe
2016-06-28 11:46 - 2016-06-27 20:36 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160628-114605.backup
2016-06-28 08:55 - 2016-06-28 08:55 - 03703360 _____ C:\Users\Frithjof\Downloads\adwcleaner_5.200(1).exe
2016-06-28 08:08 - 2016-06-28 08:09 - 03033760 _____ (ESET) C:\Users\Frithjof\Downloads\eset_smart_security_live_installer_.exe
2016-06-27 23:58 - 2016-06-27 23:58 - 02870984 _____ (ESET) C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(4).exe
2016-06-27 23:52 - 2016-06-27 23:52 - 02870984 _____ (ESET) C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(3).exe
2016-06-27 21:12 - 2016-06-27 21:12 - 00000000 ____D C:\SpybotBootCD
2016-06-27 20:09 - 2016-06-27 20:10 - 340670464 _____ C:\Users\Frithjof\Downloads\eset-sysrescue.1.0.9.0.enu.iso
2016-06-27 19:15 - 2016-06-27 19:15 - 02870984 _____ (ESET) C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(2).exe
2016-06-27 19:09 - 2016-06-27 19:09 - 00524248 _____ (F-Secure Corporation) C:\Users\Frithjof\Downloads\F-SecureOnlineScanner(1).exe
2016-06-27 15:25 - 2016-06-27 15:25 - 00003748 _____ C:\Users\Frithjof\Downloads\contest-participants-69123.xlsx
2016-06-27 13:34 - 2016-06-27 13:34 - 00780357 _____ C:\Users\Frithjof\Downloads\export_2016-06-27(1).csv
2016-06-27 13:06 - 2016-06-27 13:06 - 00778941 _____ C:\Users\Frithjof\Downloads\export_2016-06-27.csv
2016-06-24 20:31 - 2016-06-24 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-23 09:15 - 2016-06-23 09:15 - 00673902 _____ C:\Users\Frithjof\Downloads\v2.3.2-Trusted Shops.zip
2016-06-21 14:21 - 2016-06-21 14:21 - 00007201 _____ C:\Users\Frithjof\Downloads\quantitydiscounts.zip
2016-06-21 12:08 - 2016-06-27 20:36 - 00000000 ____D C:\Users\Frithjof\AppData\Local\FSDART
2016-06-21 12:08 - 2016-06-21 12:08 - 00524248 _____ (F-Secure Corporation) C:\Users\Frithjof\Downloads\F-SecureOnlineScanner.exe
2016-06-21 12:08 - 2016-06-21 12:08 - 00000000 ____D C:\Users\Frithjof\AppData\Local\F-Secure
2016-06-20 17:24 - 2016-06-20 17:22 - 142182064 _____ (Microsoft Corporation) C:\Users\Frithjof\Downloads\wlsetup3528-all - Copy.exe
2016-06-20 17:20 - 2016-06-20 17:22 - 142182064 _____ (Microsoft Corporation) C:\Users\Frithjof\Downloads\wlsetup3528-all.exe
2016-06-20 10:06 - 2016-06-20 10:07 - 15736320 _____ C:\Users\Frithjof\Downloads\eLectaScreenRecorder.msi
2016-06-20 09:26 - 2016-06-20 09:49 - 00000000 ____D C:\Users\Frithjof\AppData\Roaming\obs-studio
2016-06-20 09:26 - 2016-06-20 09:26 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-06-20 09:26 - 2016-06-20 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-06-20 09:26 - 2016-06-20 09:26 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-06-20 09:25 - 2016-06-20 09:26 - 40400816 _____ C:\Users\Frithjof\Downloads\OBS-Studio-0.14.2-Installer.exe
2016-06-17 19:43 - 2016-06-17 19:43 - 03703360 _____ C:\Users\Frithjof\Downloads\adwcleaner_5.200.exe
2016-06-17 13:02 - 2016-06-30 11:25 - 00000705 _____ C:\Users\Frithjof\Desktop\JRT.txt
2016-06-17 12:43 - 2016-06-17 12:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Frithjof\Downloads\HijackThis(1).exe
2016-06-17 12:10 - 2016-06-17 12:10 - 02870984 _____ (ESET) C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(1).exe
2016-06-17 10:04 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-06-17 10:03 - 2016-06-28 19:39 - 01849458 _____ C:\WINDOWS\ntbtlog.txt
2016-06-17 08:10 - 2016-06-17 08:10 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-17 08:10 - 2016-06-17 08:10 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-17 08:10 - 2016-06-17 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-17 08:10 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2016-06-16 20:08 - 2016-06-16 20:09 - 00000000 ___HD C:\$SysReset
2016-06-16 15:12 - 2016-06-27 20:51 - 00017230 _____ C:\bdlog.txt
2016-06-16 14:54 - 2016-06-16 14:54 - 00000000 ____D C:\Users\Frithjof\AppData\Temp
2016-06-16 14:51 - 2016-06-16 14:51 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-06-16 14:51 - 2016-06-16 14:51 - 00000000 ____D C:\ProgramData\BDLogging
2016-06-16 14:51 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-06-16 14:41 - 2016-06-16 14:42 - 10539088 _____ C:\Users\Frithjof\Downloads\bitdefender_windows_103e4a0f-6cf8-49cf-92a7-d03a12c6cd24.exe
2016-06-16 14:32 - 2016-06-16 14:32 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-06-16 14:30 - 2016-06-30 15:10 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-06-16 14:22 - 2016-06-16 14:22 - 10539128 _____ C:\Users\Frithjof\Downloads\bitdefender_tsecurity.exe
2016-06-16 13:06 - 2016-06-16 13:11 - 00000000 ____D C:\RescueCD Logs
2016-06-16 10:25 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-16 10:23 - 2016-06-28 11:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-16 10:23 - 2016-06-27 21:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-16 10:23 - 2016-06-16 10:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-16 10:21 - 2016-06-16 10:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Frithjof\Downloads\spybot-2.4.exe
2016-06-16 08:51 - 2016-06-16 08:51 - 01734559 _____ C:\Users\Frithjof\Downloads\com_acymailing_enterprise_v5.5.0_2016-06-16_08-51-11.tar.gz
2016-06-15 18:15 - 2016-06-15 18:15 - 00825040 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2016-06-15 18:15 - 2016-06-15 18:15 - 00753872 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2016-06-15 18:15 - 2016-06-15 18:15 - 00175472 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2016-06-15 18:15 - 2016-06-15 18:15 - 00080424 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2016-06-15 18:15 - 2016-06-15 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2016-06-15 18:15 - 2016-06-15 18:15 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2016-06-15 18:06 - 2016-06-30 14:19 - 00000000 ____D C:\WINDOWS\CryptoGuard
2016-06-15 17:16 - 2016-06-30 13:24 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2016-06-15 17:16 - 2016-06-15 17:16 - 00016384 _____ C:\WINDOWS\SysWOW64\�w�
2016-06-15 16:34 - 2016-06-15 17:16 - 04397896 _____ (SurfRight B.V.) C:\Users\Frithjof\Downloads\hmpalert31.exe
2016-06-15 13:57 - 2016-05-28 08:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 13:57 - 2016-05-28 08:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 13:57 - 2016-05-28 08:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 13:57 - 2016-05-28 08:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 13:57 - 2016-05-28 07:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 13:57 - 2016-05-28 07:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 13:57 - 2016-05-28 07:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 13:57 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 13:57 - 2016-05-28 07:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 13:57 - 2016-05-28 07:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 13:57 - 2016-05-28 07:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 13:57 - 2016-05-28 07:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 13:57 - 2016-05-28 07:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 13:57 - 2016-05-28 07:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 13:57 - 2016-05-28 07:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 13:57 - 2016-05-28 07:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 13:57 - 2016-05-28 07:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 13:57 - 2016-05-28 07:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 13:57 - 2016-05-28 07:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 13:57 - 2016-05-28 07:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 13:57 - 2016-05-28 07:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 13:57 - 2016-05-28 07:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 13:57 - 2016-05-28 07:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 13:57 - 2016-05-28 07:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 13:57 - 2016-05-28 07:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 13:57 - 2016-05-28 07:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 13:57 - 2016-05-28 07:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 13:57 - 2016-05-28 07:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 13:57 - 2016-05-28 07:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 13:57 - 2016-05-28 07:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 13:57 - 2016-05-28 06:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 13:57 - 2016-05-28 06:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 13:57 - 2016-05-28 06:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 13:57 - 2016-05-28 06:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 13:57 - 2016-05-28 06:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 13:57 - 2016-05-28 06:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 13:57 - 2016-05-28 06:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 13:57 - 2016-05-28 06:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 13:57 - 2016-05-28 06:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 13:57 - 2016-05-28 06:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 13:57 - 2016-05-28 06:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 13:57 - 2016-05-28 06:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 13:57 - 2016-05-28 06:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 13:57 - 2016-05-28 06:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 13:57 - 2016-05-28 06:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 13:57 - 2016-05-28 06:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 13:57 - 2016-05-28 06:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 13:57 - 2016-05-28 06:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 13:57 - 2016-05-28 06:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 13:57 - 2016-05-28 06:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 13:57 - 2016-05-28 06:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 13:57 - 2016-05-28 06:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 13:57 - 2016-05-28 06:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 13:57 - 2016-05-28 06:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 13:57 - 2016-05-28 06:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 13:57 - 2016-05-28 06:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 13:57 - 2016-05-28 06:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 13:57 - 2016-05-28 06:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 13:57 - 2016-05-28 06:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 13:57 - 2016-05-28 06:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 13:57 - 2016-05-28 06:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 13:57 - 2016-05-28 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 13:57 - 2016-05-28 06:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 13:57 - 2016-05-28 06:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 13:57 - 2016-05-28 06:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 13:57 - 2016-05-28 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 13:57 - 2016-05-28 06:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 13:57 - 2016-05-28 06:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 13:57 - 2016-05-28 06:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 13:57 - 2016-05-28 06:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 13:57 - 2016-05-28 06:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 13:57 - 2016-05-28 06:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 13:57 - 2016-05-28 06:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 13:57 - 2016-05-28 06:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 13:57 - 2016-05-28 06:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 13:57 - 2016-05-28 06:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 13:57 - 2016-05-28 06:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 13:57 - 2016-05-28 06:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 13:57 - 2016-05-28 06:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 13:57 - 2016-05-28 06:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 13:57 - 2016-05-28 06:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 13:57 - 2016-05-28 06:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 13:57 - 2016-05-28 06:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 13:57 - 2016-05-28 06:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-15 13:57 - 2016-05-28 06:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 13:57 - 2016-05-28 06:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 13:57 - 2016-05-28 06:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 13:57 - 2016-05-28 06:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 13:57 - 2016-05-28 06:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 13:57 - 2016-05-28 06:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 13:57 - 2016-05-28 06:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 13:57 - 2016-05-28 06:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 13:57 - 2016-05-28 06:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 13:57 - 2016-05-28 06:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 13:57 - 2016-05-28 06:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 13:57 - 2016-05-28 06:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 13:57 - 2016-05-28 06:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 13:57 - 2016-05-28 06:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 13:57 - 2016-05-28 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 13:57 - 2016-05-28 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 13:57 - 2016-05-28 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 13:57 - 2016-05-28 06:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 13:57 - 2016-05-28 06:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 13:57 - 2016-05-28 06:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 13:57 - 2016-05-28 06:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 13:57 - 2016-05-28 06:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 13:57 - 2016-05-28 06:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 13:57 - 2016-05-28 06:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 13:57 - 2016-05-28 06:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 13:57 - 2016-05-28 06:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 13:57 - 2016-05-28 06:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 13:57 - 2016-05-28 06:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 13:57 - 2016-05-28 06:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 13:57 - 2016-05-28 06:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 13:57 - 2016-05-28 06:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 13:57 - 2016-05-28 06:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 13:57 - 2016-05-28 06:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 13:57 - 2016-05-28 06:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 13:57 - 2016-05-28 06:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 13:57 - 2016-05-28 06:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 13:57 - 2016-05-28 06:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 13:57 - 2016-05-28 06:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 13:57 - 2016-05-28 06:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 13:57 - 2016-05-28 06:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 13:57 - 2016-05-28 06:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 13:57 - 2016-05-28 06:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 13:57 - 2016-05-28 06:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 13:57 - 2016-05-28 06:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 13:57 - 2016-05-28 06:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 13:57 - 2016-05-28 06:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 13:57 - 2016-05-28 06:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 13:57 - 2016-05-28 06:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 13:57 - 2016-05-28 06:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 13:57 - 2016-05-28 06:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 13:57 - 2016-05-28 06:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 13:57 - 2016-05-28 05:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 13:57 - 2016-05-28 05:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 13:57 - 2016-05-28 05:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 13:57 - 2016-05-28 05:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 13:57 - 2016-05-28 05:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 13:57 - 2016-05-28 05:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 13:57 - 2016-05-28 05:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 13:56 - 2016-05-28 08:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 13:56 - 2016-05-28 08:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 13:56 - 2016-05-28 07:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 13:56 - 2016-05-28 07:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 13:56 - 2016-05-28 07:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 13:56 - 2016-05-28 07:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 13:56 - 2016-05-28 07:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 13:56 - 2016-05-28 07:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 13:56 - 2016-05-28 07:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 13:56 - 2016-05-28 07:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 13:56 - 2016-05-28 07:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 13:56 - 2016-05-28 07:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 13:56 - 2016-05-28 07:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 13:56 - 2016-05-28 06:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 13:56 - 2016-05-28 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 13:56 - 2016-05-28 06:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 13:56 - 2016-05-28 06:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 13:56 - 2016-05-28 06:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 13:56 - 2016-05-28 06:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 13:56 - 2016-05-28 06:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 13:56 - 2016-05-28 06:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-15 13:56 - 2016-05-28 06:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-15 13:56 - 2016-05-28 06:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 13:56 - 2016-05-28 06:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 13:56 - 2016-05-28 06:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 13:56 - 2016-05-28 06:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 13:56 - 2016-05-28 06:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 13:56 - 2016-05-28 06:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 13:56 - 2016-05-28 06:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 13:56 - 2016-05-28 06:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 13:56 - 2016-05-28 06:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 13:56 - 2016-05-28 06:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 13:56 - 2016-05-28 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 13:56 - 2016-05-28 06:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 13:56 - 2016-05-28 06:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 13:56 - 2016-05-28 06:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-15 13:56 - 2016-05-28 06:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 13:56 - 2016-05-28 06:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 13:56 - 2016-05-28 06:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 13:56 - 2016-05-28 06:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 13:56 - 2016-05-28 06:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 13:56 - 2016-05-28 06:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 13:56 - 2016-05-28 06:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 13:56 - 2016-05-28 06:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 13:56 - 2016-05-28 06:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 13:56 - 2016-05-28 06:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 13:56 - 2016-05-28 06:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 13:56 - 2016-05-28 06:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 13:56 - 2016-05-28 06:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 13:56 - 2016-05-28 06:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 13:56 - 2016-05-28 06:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 13:56 - 2016-05-28 06:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 13:56 - 2016-05-28 06:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 13:56 - 2016-05-28 06:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 13:56 - 2016-05-28 06:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 13:56 - 2016-05-28 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 13:56 - 2016-05-28 06:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 13:56 - 2016-05-28 06:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 13:56 - 2016-05-28 06:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-15 13:56 - 2016-05-28 06:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-15 13:56 - 2016-05-28 06:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 13:56 - 2016-05-28 06:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 13:56 - 2016-05-28 06:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 13:56 - 2016-05-28 06:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 13:56 - 2016-05-28 06:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 13:56 - 2016-05-28 06:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 13:56 - 2016-05-28 06:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 13:56 - 2016-05-28 06:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 13:56 - 2016-05-28 06:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 13:56 - 2016-05-28 06:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 13:56 - 2016-05-28 06:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 13:56 - 2016-05-28 05:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 13:56 - 2016-05-28 05:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-14 16:08 - 2016-06-14 16:08 - 02623496 _____ (Kaspersky Lab) C:\Users\Frithjof\Downloads\kss16.0.0.1344mlg_10009.exe
2016-06-14 12:43 - 2016-06-14 12:44 - 02870984 _____ (ESET) C:\Users\Frithjof\Downloads\esetsmartinstaller_deu.exe
2016-06-13 15:02 - 2016-06-13 15:02 - 00002583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00002558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00002547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-13 15:02 - 2016-06-13 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-06-13 14:56 - 2016-06-13 14:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-13 12:03 - 2016-06-13 12:04 - 00153769 _____ C:\Users\Frithjof\Downloads\registervoucher(1).zip
2016-06-10 16:09 - 2016-06-10 16:09 - 00153769 _____ C:\Users\Frithjof\Downloads\registervoucher.zip
2016-06-10 16:08 - 2016-06-10 16:08 - 00107380 _____ C:\Users\Frithjof\Downloads\fblogin.zip
2016-06-09 17:47 - 2016-06-09 17:47 - 00412775 _____ C:\Users\Frithjof\Downloads\_Archiv.zip
2016-06-09 08:05 - 2016-06-09 08:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-08 21:08 - 2016-06-08 21:08 - 02953520 _____ (AVAST Software) C:\Users\Frithjof\Downloads\avast-browser-cleanup.exe
2016-06-06 13:28 - 2016-06-06 13:28 - 00466342 _____ C:\Users\Frithjof\Downloads\Archiv.zip
2016-06-03 10:42 - 2016-06-17 12:45 - 00000000 ____D C:\Users\Frithjof\Downloads\backups
2016-06-03 10:31 - 2016-06-03 10:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Frithjof\Downloads\HijackThis.exe
2016-06-02 14:18 - 2016-06-28 19:40 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-02 12:57 - 2016-06-02 12:57 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2016-06-02 12:53 - 2016-06-02 12:55 - 01870680 _____ (Panda Security, S.L.) C:\Users\Frithjof\Downloads\PANDAGP16.exe
2016-06-01 23:19 - 2016-06-01 23:19 - 36026816 _____ (Panda Security ) C:\Users\Frithjof\Downloads\PandaCloudCleaner(4).exe
2016-06-01 17:10 - 2016-06-01 17:10 - 05969226 _____ C:\Users\Frithjof\Downloads\AdobeStock_61365334.jpeg
2016-06-01 17:10 - 2016-06-01 17:10 - 00964644 _____ C:\Users\Frithjof\Downloads\AdobeStock_9921611.jpeg
2016-06-01 10:38 - 2016-06-01 10:38 - 06893688 _____ (Piriform Ltd) C:\Users\Frithjof\Downloads\ccsetup518.exe
2016-05-31 18:39 - 2016-05-31 18:59 - 211712411 _____ C:\Users\Frithjof\Downloads\humboldt_umpi(1).sql

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 15:29 - 2012-03-09 13:00 - 00000000 ____D C:\Users\Frithjof\Documents\Outlook-Dateien
2016-06-30 15:28 - 2015-03-14 21:48 - 00000000 ____D C:\Users\Frithjof\AppData\Local\CrashDumps
2016-06-30 15:27 - 2016-03-30 16:58 - 00000604 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1324307301-759359316-4020353428-1000.job
2016-06-30 15:21 - 2012-07-13 12:44 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-30 15:13 - 2015-09-24 11:08 - 00001218 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-30 15:10 - 2016-03-30 16:58 - 00000700 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1324307301-759359316-4020353428-1000.job
2016-06-30 15:03 - 2015-10-21 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-30 14:03 - 2015-05-31 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-30 13:30 - 2016-05-12 00:28 - 01044188 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-30 13:30 - 2016-05-12 00:28 - 00255242 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-30 13:30 - 2016-05-11 14:46 - 02585758 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-30 13:30 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-30 13:27 - 2012-02-26 13:22 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-30 13:25 - 2016-05-06 10:44 - 00000000 ___RD C:\Users\Frithjof\Google Drive
2016-06-30 13:24 - 2016-04-16 16:19 - 00000000 ___RD C:\Users\Frithjof\OneDrive
2016-06-30 13:24 - 2016-03-06 19:20 - 00000091 _____ C:\HaxLogs.txt
2016-06-30 13:24 - 2016-02-13 15:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-30 13:24 - 2015-09-24 11:08 - 00001214 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-30 13:24 - 2012-07-13 12:44 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-30 13:23 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-30 13:14 - 2013-01-23 10:42 - 00000000 ____D C:\Users\Frithjof\AppData\Roaming\Skype
2016-06-30 12:09 - 2015-05-22 12:06 - 00000000 ____D C:\ProgramData\Norton
2016-06-30 12:01 - 2015-03-25 22:44 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-30 09:38 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-30 09:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-30 09:26 - 2014-08-19 22:07 - 00000000 ____D C:\Users\Frithjof\AppData\Local\Adobe
2016-06-29 18:17 - 2015-12-04 10:49 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-06-28 14:00 - 2015-03-25 22:44 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-28 13:28 - 2016-05-11 15:17 - 00000000 ____D C:\Users\Frithjof\AppData\Local\Packages
2016-06-27 23:42 - 2015-06-02 09:44 - 00170280 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2016-06-27 20:52 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-06-27 20:41 - 2015-10-30 08:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-25 10:47 - 2012-02-03 13:14 - 00000000 ____D C:\Users\Frithjof\AppData\Local\Microsoft Help
2016-06-24 20:31 - 2015-09-24 11:08 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-24 08:44 - 2012-05-10 10:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 08:44 - 2012-05-10 10:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-24 08:43 - 2016-05-11 14:48 - 00000000 ____D C:\Users\Frithjof
2016-06-23 10:55 - 2012-05-10 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-22 20:39 - 2015-05-31 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-22 20:39 - 2015-05-31 13:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-06-22 08:40 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-22 08:38 - 2012-02-03 13:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-20 17:23 - 2012-12-01 20:40 - 00000000 ____D C:\Users\Frithjof\AppData\Local\Windows Live
2016-06-19 16:37 - 2013-03-14 20:50 - 00000244 _____ C:\Users\Frithjof\cinderella2-user.properties
2016-06-18 00:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-18 00:11 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-18 00:03 - 2012-09-19 20:21 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 00:03 - 2012-09-19 20:21 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 19:40 - 2015-06-08 20:40 - 00000000 ____D C:\Users\Frithjof\AppData\Roaming\QuickScan
2016-06-16 15:10 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-06-16 15:10 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-06-16 14:55 - 2015-03-25 22:28 - 00000000 ____D C:\Users\Frithjof\Desktop\Alte Firefox-Daten
2016-06-16 14:35 - 2016-02-13 15:12 - 05090120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 14:35 - 2015-10-21 11:53 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-06-16 14:34 - 2015-09-04 17:45 - 00000000 ____D C:\ProgramData\Panda Security
2016-06-16 14:33 - 2015-10-21 13:09 - 00000000 ____D C:\Users\Frithjof\AppData\Roaming\Panda Security
2016-06-16 13:32 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default.migrated
2016-06-16 10:25 - 2015-11-12 17:00 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-15 18:09 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-15 18:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-15 18:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-15 14:22 - 2013-07-18 01:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 14:14 - 2012-02-02 15:09 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 20:33 - 2015-10-30 09:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 20:33 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 14:56 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-08 21:35 - 2016-01-07 02:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-08 21:35 - 2012-04-27 07:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-06 12:32 - 2016-05-12 18:09 - 00000000 ____D C:\Users\DefaultAppPool
2016-06-03 20:55 - 2015-07-01 10:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 17:48 - 2016-01-13 10:19 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-06-02 17:48 - 2016-01-13 10:19 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-06-02 13:10 - 2016-05-12 00:43 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-01 23:19 - 2016-04-01 13:58 - 00001355 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2016-06-01 13:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-06-01 11:15 - 2014-02-10 10:36 - 00007662 _____ C:\Users\Frithjof\AppData\Local\Resmon.ResmonCfg
2016-06-01 10:39 - 2013-01-22 15:28 - 00000000 ____D C:\Users\Frithjof\AppData\Roaming\FileZilla
2016-06-01 10:24 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2013-10-04 18:28 - 2015-01-31 17:23 - 0000132 _____ () C:\Users\Frithjof\AppData\Roaming\Adobe GIF-Format CC - Voreinstellungen
2013-01-28 23:43 - 2013-02-26 01:26 - 0000132 _____ () C:\Users\Frithjof\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-22 22:18 - 2016-04-25 19:18 - 0000132 _____ () C:\Users\Frithjof\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-06-23 10:48 - 2014-06-23 15:36 - 0022436 _____ () C:\Users\Frithjof\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2012-03-30 17:12 - 2012-03-30 17:12 - 0008439 _____ () C:\Users\Frithjof\AppData\Roaming\Kontakte.CSV.30231480.xml
2015-01-08 12:34 - 2015-01-08 12:34 - 0001181 _____ () C:\Users\Frithjof\AppData\Roaming\trace_FilterInstaller.1.txt
2015-01-08 12:34 - 2015-01-09 09:15 - 0000919 _____ () C:\Users\Frithjof\AppData\Roaming\trace_FilterInstaller.txt
2015-01-08 12:34 - 2015-01-09 09:15 - 0000000 _____ () C:\Users\Frithjof\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-08-08 18:02 - 2013-09-21 00:09 - 0000110 _____ () C:\Users\Frithjof\AppData\Roaming\WB.CFG
2013-10-21 16:04 - 2016-01-22 11:16 - 0001456 _____ () C:\Users\Frithjof\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-03-03 19:04 - 2013-03-03 19:05 - 0006656 _____ () C:\Users\Frithjof\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-21 15:52 - 2016-05-25 14:22 - 0000600 _____ () C:\Users\Frithjof\AppData\Local\PUTTY.RND
2012-07-11 21:52 - 2012-07-11 21:52 - 0058880 _____ () C:\Users\Frithjof\AppData\Local\qlpxubtb
2015-12-18 20:52 - 2015-12-18 20:52 - 0003789 _____ () C:\Users\Frithjof\AppData\Local\recently-used.xbel
2014-02-10 10:36 - 2016-06-01 11:15 - 0007662 _____ () C:\Users\Frithjof\AppData\Local\Resmon.ResmonCfg
2016-02-13 12:13 - 2016-02-13 12:13 - 0000000 _____ () C:\Users\Frithjof\AppData\Local\{91AF41D8-AC8E-4781-BACE-D6B81B0D31F6}
2015-01-03 17:23 - 2015-01-03 17:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-01 11:44 - 2014-07-01 11:44 - 0005053 _____ () C:\ProgramData\hwjqxkkr.zva

Some files in TEMP:
====================
C:\Users\Frithjof\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-24 15:41

==================== End of FRST.txt ============================


RogueKiller V12.3.6.0 (x64) [Jun 27 2016] (Free) by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 10 (10.0.10586) 64 bits version
gestarted in : normaler Modus
User : Frithjof [Administrator]
Started from : C:\Users\Frithjof\Desktop\RogueKillerX64.exe
Modus : Scannen -- Datum : 06/30/2016 15:09:59

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?PC=AV01 -> Gefunden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?PC=AV01 -> Gefunden
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Gefunden
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Gefunden
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com/?PC=AV01 -> Gefunden
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com/?PC=AV01 -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: geladen) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250GB +++++
--- User ---
[MBR] 442cf593f8c09ba97f9661fc2c0ba0ff
[BSP] 7b635354d667478dedfc387736db89aa : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238374 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate ST95005620AS +++++
--- User ---
[MBR] 6835839e5928552fa3dd5777e5efe196
[BSP] b5fc6197b0c4b809031066cdfad7163e : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 459671 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 944480256 | Size: 15768 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Juliet
2016-06-30, 21:41
Has your antivirus software being updating properly?

By chance, could your machine be set to autoupdate for Microsoft windows?

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
Task: {0E54B70A-72D5-4895-BAEB-EEC3A9254D69} - \{C324077E-E3A0-4BEE-822C-B7C7A9DD550E} -> No File <==== ATTENTION
Task: {120126EA-8369-4B3E-88B4-8B0D869DB2D1} - \G2MUpdateTask-S-1-5-21-1324307301-759359316-4020353428-1000 -> No File <==== ATTENTION
Task: {1AB12998-945B-49A8-AB0F-69DCB4B881E7} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {1CCE14E9-61A7-4EF6-8D0A-C3E9467FB995} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {26F53C62-445E-4D9A-8DE3-A42DE6269C95} - \SUPERAntiSpyware Scheduled Task 8d0590c2-ae5f-4aef-be2d-16065f46532b -> No File <==== ATTENTION
Task: {279A2790-CA57-459A-9B28-4713BEBE3E08} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3A4971E5-F6C3-4CBA-88DE-3F42DEF05DC2} - \{8A7D90B1-09CD-4C82-99D5-54C8078B0E82} -> No File <==== ATTENTION
Task: {73B6390C-1FBF-43D7-8649-425735D100A9} - \{E2E39917-7B53-4470-897C-3E8EBCE124E6} -> No File <==== ATTENTION
Task: {88AED461-B2A0-44D8-B15E-F7026FC698F2} - \Java Platform SE Auto Updater -> No File <==== ATTENTION
Task: {8C247B5C-2AF3-47ED-8E25-A875DB3C0516} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {93598228-D60D-42AB-9D65-A99EF86079FE} - \{9CA7D29C-249C-4CD2-989F-C0417082083D} -> No File <==== ATTENTION
Task: {A4E00632-5E5F-4E60-B9B0-BAE099446467} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A69314E2-611C-43EC-9EDF-E2DE106CA7E2} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {AAC5EBDB-ED17-42AC-A0D9-89822F934272} - \WebReg Officejet 6500 E709a Series -> No File <==== ATTENTION
Task: {B09FDB7E-32C6-4F3F-9599-E76B4580AF74} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B787BA2A-6F83-4464-86DC-E84284980B30} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {BE52805A-EBAA-43B9-976B-5BCB67ED2921} - \G2MUploadTask-S-1-5-21-1324307301-759359316-4020353428-1000 -> No File <==== ATTENTION
Task: {CB71A058-ABDB-4F45-8201-C02B7052A1CB} - \SUPERAntiSpyware Scheduled Task 504be6ac-4f4e-4e4c-bbd2-771cbd7824f9 -> No File <==== ATTENTION
Task: {D2092D79-28AE-4C52-B039-E59AEA8EC3DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D9329535-94CE-4F48-9F7F-A6D0A6DFACBF} - \Microsoft_MKC_Logon_Task_itype.exe -> No File <==== ATTENTION
Task: {DDC977ED-9853-40AC-9C05-8A5EFBBCE651} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {DE04F873-BA91-41DE-B2BA-1A399D6685FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E252CF8C-56AD-41CF-A395-8C291CC907FB} - \{3D9D960B-DB71-42A9-BE0D-7DD16AB608ED} -> No File <==== ATTENTION
Task: {FAF5ED7B-589E-46C5-88E4-B7C7A723EABE} - \{BC4DAC18-9546-4621-93ED-A2AE9200F9D7} -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Frithjof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Silverlight Controls Browser.lnk -> C:\Users\Frithjof\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\3163075259.www.silverlight.net\3163075259.www.silverlight.net.ico () -> 3163075259.www.silverlight.net
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC [149]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\F-SecureOnlineScanner(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\F-SecureOnlineScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\OBS-Studio-0.14.2-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\wlsetup3528-all - Copy.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\wlsetup3528-all.exe:BDU [0]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about_:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about_:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?PC=AV01
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/?PC=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1324307301-759359316-4020353428-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1324307301-759359316-4020353428-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-07] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-07] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-01-07] [not signed]
CHR DefaultSearchURL: Default -> hxxp://pandasecurity.mystart.com/results.php?searchsource=omnibar&pr=vmn&id=pandasecuritytb&v=2_3&ent=ds_671&q={searchTerms}
CHR HKLM\...\Chrome\Extension: - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
HKLM-x32\...\Run: [] => [X]
C:\ProgramData\hwjqxkkr.zva
C:\Users\Frithjof\AppData\Local\Temp\dllnt_dump.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~`


Open Malwarebytes Anti-Malware

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You [i]may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

dauphin
2016-07-01, 12:52
Dear Juliet,

thanks again. hereby the asked informations. Waiting next instructions.

Thanks
Dauphin

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Frithjof (2016-07-01 10:21:31) Run:1
Running from C:\Users\Frithjof\Desktop
Loaded Profiles: Frithjof (Available Profiles: Frithjof & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {0E54B70A-72D5-4895-BAEB-EEC3A9254D69} - \{C324077E-E3A0-4BEE-822C-B7C7A9DD550E} -> No File <==== ATTENTION
Task: {120126EA-8369-4B3E-88B4-8B0D869DB2D1} - \G2MUpdateTask-S-1-5-21-1324307301-759359316-4020353428-1000 -> No File <==== ATTENTION
Task: {1AB12998-945B-49A8-AB0F-69DCB4B881E7} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {1CCE14E9-61A7-4EF6-8D0A-C3E9467FB995} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {26F53C62-445E-4D9A-8DE3-A42DE6269C95} - \SUPERAntiSpyware Scheduled Task 8d0590c2-ae5f-4aef-be2d-16065f46532b -> No File <==== ATTENTION
Task: {279A2790-CA57-459A-9B28-4713BEBE3E08} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3A4971E5-F6C3-4CBA-88DE-3F42DEF05DC2} - \{8A7D90B1-09CD-4C82-99D5-54C8078B0E82} -> No File <==== ATTENTION
Task: {73B6390C-1FBF-43D7-8649-425735D100A9} - \{E2E39917-7B53-4470-897C-3E8EBCE124E6} -> No File <==== ATTENTION
Task: {88AED461-B2A0-44D8-B15E-F7026FC698F2} - \Java Platform SE Auto Updater -> No File <==== ATTENTION
Task: {8C247B5C-2AF3-47ED-8E25-A875DB3C0516} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {93598228-D60D-42AB-9D65-A99EF86079FE} - \{9CA7D29C-249C-4CD2-989F-C0417082083D} -> No File <==== ATTENTION
Task: {A4E00632-5E5F-4E60-B9B0-BAE099446467} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A69314E2-611C-43EC-9EDF-E2DE106CA7E2} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {AAC5EBDB-ED17-42AC-A0D9-89822F934272} - \WebReg Officejet 6500 E709a Series -> No File <==== ATTENTION
Task: {B09FDB7E-32C6-4F3F-9599-E76B4580AF74} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B787BA2A-6F83-4464-86DC-E84284980B30} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {BE52805A-EBAA-43B9-976B-5BCB67ED2921} - \G2MUploadTask-S-1-5-21-1324307301-759359316-4020353428-1000 -> No File <==== ATTENTION
Task: {CB71A058-ABDB-4F45-8201-C02B7052A1CB} - \SUPERAntiSpyware Scheduled Task 504be6ac-4f4e-4e4c-bbd2-771cbd7824f9 -> No File <==== ATTENTION
Task: {D2092D79-28AE-4C52-B039-E59AEA8EC3DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D9329535-94CE-4F48-9F7F-A6D0A6DFACBF} - \Microsoft_MKC_Logon_Task_itype.exe -> No File <==== ATTENTION
Task: {DDC977ED-9853-40AC-9C05-8A5EFBBCE651} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {DE04F873-BA91-41DE-B2BA-1A399D6685FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E252CF8C-56AD-41CF-A395-8C291CC907FB} - \{3D9D960B-DB71-42A9-BE0D-7DD16AB608ED} -> No File <==== ATTENTION
Task: {FAF5ED7B-589E-46C5-88E4-B7C7A723EABE} - \{BC4DAC18-9546-4621-93ED-A2AE9200F9D7} -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Frithjof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Silverlight Controls Browser.lnk -> C:\Users\Frithjof\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\3163075259.http://www.silverlight.net\316307525...rlight.net.ico () -> 3163075259.www.silverlight.net
AlternateDataStreams: C:\ProgramData\TEMP:31D9EFCC [149]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\F-SecureOnlineScanner(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\F-SecureOnlineScanner.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\OBS-Studio-0.14.2-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\wlsetup3528-all - Copy.exe:BDU [0]
AlternateDataStreams: C:\Users\Frithjof\Downloads\wlsetup3528-all.exe:BDU [0]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about_:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about_:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?PC=AV01
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/?PC=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1324307301-759359316-4020353428-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1324307301-759359316-4020353428-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-07] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-07] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-01-07] [not signed]
CHR DefaultSearchURL: Default -> hxxp://pandasecurity.mystart.com/results.php?searchsource=omnibar&pr=vmn&id=pandasecuritytb&v=2_3&ent=ds_671&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
HKLM-x32\...\Run: [] => [X]
C:\ProgramData\hwjqxkkr.zva
C:\Users\Frithjof\AppData\Local\Temp\dllnt_dump.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E54B70A-72D5-4895-BAEB-EEC3A9254D69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E54B70A-72D5-4895-BAEB-EEC3A9254D69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C324077E-E3A0-4BEE-822C-B7C7A9DD550E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{120126EA-8369-4B3E-88B4-8B0D869DB2D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{120126EA-8369-4B3E-88B4-8B0D869DB2D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUpdateTask-S-1-5-21-1324307301-759359316-4020353428-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AB12998-945B-49A8-AB0F-69DCB4B881E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AB12998-945B-49A8-AB0F-69DCB4B881E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CCE14E9-61A7-4EF6-8D0A-C3E9467FB995}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CCE14E9-61A7-4EF6-8D0A-C3E9467FB995}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26F53C62-445E-4D9A-8DE3-A42DE6269C95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26F53C62-445E-4D9A-8DE3-A42DE6269C95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 8d0590c2-ae5f-4aef-be2d-16065f46532b" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{279A2790-CA57-459A-9B28-4713BEBE3E08}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{279A2790-CA57-459A-9B28-4713BEBE3E08}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A4971E5-F6C3-4CBA-88DE-3F42DEF05DC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4971E5-F6C3-4CBA-88DE-3F42DEF05DC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A7D90B1-09CD-4C82-99D5-54C8078B0E82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73B6390C-1FBF-43D7-8649-425735D100A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B6390C-1FBF-43D7-8649-425735D100A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2E39917-7B53-4470-897C-3E8EBCE124E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88AED461-B2A0-44D8-B15E-F7026FC698F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88AED461-B2A0-44D8-B15E-F7026FC698F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Platform SE Auto Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C247B5C-2AF3-47ED-8E25-A875DB3C0516}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C247B5C-2AF3-47ED-8E25-A875DB3C0516}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93598228-D60D-42AB-9D65-A99EF86079FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93598228-D60D-42AB-9D65-A99EF86079FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9CA7D29C-249C-4CD2-989F-C0417082083D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4E00632-5E5F-4E60-B9B0-BAE099446467}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4E00632-5E5F-4E60-B9B0-BAE099446467}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A69314E2-611C-43EC-9EDF-E2DE106CA7E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A69314E2-611C-43EC-9EDF-E2DE106CA7E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_mousekeyboardcenter_exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAC5EBDB-ED17-42AC-A0D9-89822F934272}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC5EBDB-ED17-42AC-A0D9-89822F934272}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebReg Officejet 6500 E709a Series" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B09FDB7E-32C6-4F3F-9599-E76B4580AF74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B09FDB7E-32C6-4F3F-9599-E76B4580AF74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B787BA2A-6F83-4464-86DC-E84284980B30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B787BA2A-6F83-4464-86DC-E84284980B30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE52805A-EBAA-43B9-976B-5BCB67ED2921}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE52805A-EBAA-43B9-976B-5BCB67ED2921}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUploadTask-S-1-5-21-1324307301-759359316-4020353428-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB71A058-ABDB-4F45-8201-C02B7052A1CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB71A058-ABDB-4F45-8201-C02B7052A1CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 504be6ac-4f4e-4e4c-bbd2-771cbd7824f9" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2092D79-28AE-4C52-B039-E59AEA8EC3DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2092D79-28AE-4C52-B039-E59AEA8EC3DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9329535-94CE-4F48-9F7F-A6D0A6DFACBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9329535-94CE-4F48-9F7F-A6D0A6DFACBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_itype.exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDC977ED-9853-40AC-9C05-8A5EFBBCE651}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC977ED-9853-40AC-9C05-8A5EFBBCE651}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE04F873-BA91-41DE-B2BA-1A399D6685FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE04F873-BA91-41DE-B2BA-1A399D6685FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E252CF8C-56AD-41CF-A395-8C291CC907FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E252CF8C-56AD-41CF-A395-8C291CC907FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D9D960B-DB71-42A9-BE0D-7DD16AB608ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAF5ED7B-589E-46C5-88E4-B7C7A723EABE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAF5ED7B-589E-46C5-88E4-B7C7A723EABE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC4DAC18-9546-4621-93ED-A2AE9200F9D7}" => key removed successfully
C:\Users\Frithjof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Silverlight Controls Browser.lnk => Shortcut argument removed successfully.
C:\ProgramData\TEMP => ":31D9EFCC" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Users\Frithjof\Downloads\esetsmartinstaller_deu(2).exe => ":BDU" ADS removed successfully.
C:\Users\Frithjof\Downloads\F-SecureOnlineScanner(1).exe => ":BDU" ADS removed successfully.
C:\Users\Frithjof\Downloads\F-SecureOnlineScanner.exe => ":BDU" ADS removed successfully.
C:\Users\Frithjof\Downloads\OBS-Studio-0.14.2-Installer.exe => ":BDU" ADS removed successfully.
C:\Users\Frithjof\Downloads\wlsetup3528-all - Copy.exe => ":BDU" ADS removed successfully.
C:\Users\Frithjof\Downloads\wlsetup3528-all.exe => ":BDU" ADS removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1324307301-759359316-4020353428-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1324307301-759359316-4020353428-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => key removed successfully
HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => moved successfully
Chrome DefaultSearchURL => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\ProgramData\hwjqxkkr.zva => moved successfully
C:\Users\Frithjof\AppData\Local\Temp\dllnt_dump.dll => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {64BF9B25-4706-45C9-A0B6-ECFE6401A9F7}.
{8BE82958-818A-4DFF-9614-ABD0E2789141} canceled.
{8A5217CE-6CA1-46E4-B3C8-B4FD92DBD49D} canceled.
{BA2EE5EC-D67B-474F-9A51-38582A5142DB} canceled.
{6A9F3902-9B77-4292-9203-9827713499B3} canceled.
{E621AA22-3ED3-4A41-A89B-9EFD045C81E7} canceled.
5 out of 6 jobs canceled.

========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64890463 B
Java, Flash, Steam htmlcache => 3824 B
Windows/system/drivers => 2843350 B
Edge => 8704 B
Chrome => 29562188 B
Firefox => 364229999 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 713027 B
LocalService => 19492912 B
NetworkService => 0 B
Frithjof => 241513675 B
DefaultAppPool => 0 B

RecycleBin => 272499106 B
EmptyTemp: => 949.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:22:15 ====


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01.07.2016
Scan Time: 10:27
Logfile: mbam-log-2016-07-01.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.01.02
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Frithjof

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 451539
Time Elapsed: 20 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2016-07-01, 16:10
Has your antivirus software being updating properly?

By chance, could your machine be set to auto-update for Microsoft windows?

*******************

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Go here http://www.eset.com/us/online-scanner/ and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.

You will be prompted to download and install esetonlinescanner_enu.exe.
Click on the link and save the file to a convenient location.
Double-click on esetonlinescanner_enu.exe to install and a new window will open.
Follow the prompts.
Turn off the real-time scanner of any existing antivirus program before performing the online scan.
Here's how
here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
******
At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
Tick the option Enable detection of potentially unwanted applications
Click on Advanced settings
Make sure that the option Clean threats automatically is unticked.
Ensure these options are ticked:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth technology
Click Scan
Wait for the scan to finish.
When the scan is done, if it shows a screen that says Threats found, click Save to text file... then it a name and save it to your desktop.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Please copy/paste the contents of the log in your next reply.
To close ESET Online Scanner, select Do not clean then Finish

~~~~~~~~~~~~~~~~`
Please download and scan with SUPERAntiSpyware Free (http://www.superantispyware.com/) Double-click SUPERAntiSypware.exe, choose Custom Install and uncheck the options to install Google Chrome or any offers for free toolbars if you do not want them.
After setup completes...Decline any Trial offers to upgrade to the Pro Version.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here (http://www.superantispyware.com/definitions.html). Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.
In the Main Menu, click System Tools & Program Settings, then click Preferences.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set): Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the Back button on the bottom, then click Home to return to the Main Menu.
Back on the Main Menu, under "Select Scan Type" check the box for Complete Scan.
If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
Click the Scan your computer... button.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the Main Menu.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again. Click the View Scan Logs button at the bottom.
This will open the Scanner Logs Window.
Click on the log to highlight it and then click on View Selected Log to open it.
Copy and paste the scan log results in your next reply.


~~~~

Please post these 2 logs when finished also, give me an update on how the computer is at the moment.

dauphin
2016-07-02, 20:19
Hi Juliet,

again thanks for help. I made both scans, eset didn't find anything (so i have no logfile), I had ESET as AV before, Superantispyware had 138 findings.
Generally spoken I have thr feeling computer is faster again, problems with outlook are gone, same with browsing or chatting with skype. Finally I think computer works much better.

Thanks
dauphin

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/02/2016 at 06:51 PM

Application Version : 6.0.1220
Database Version : 12816

Scan type : Complete Scan
Total Scan Time : 00:29:25

Operating System Information
Windows 10 Professional 64-bit (Build 10.00.10586)
UAC On - Limited User

Memory items scanned : 992
Memory threats detected : 0
Registry items scanned : 72564
Registry threats detected : 0
File items scanned : 58321
File threats detected : 138

Adware.Tracking Cookie
cdn.vidible.tv [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\P3A9YHST ]
.abmr.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.btrll.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.scorecardresearch.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.exelator.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.eloqua.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.eloqua.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.mathtag.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.pubmatic.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.pubmatic.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
bs.serving-sys.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adsrvr.org [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adsrvr.org [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.tapad.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.tapad.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.scorecardresearch.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.scorecardresearch.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.intellitxt.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.intellitxt.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.intellitxt.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.crwdcntrl.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.crwdcntrl.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.crwdcntrl.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.crwdcntrl.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.chango.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.tubemogul.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.chango.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adadvisor.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adaptv.advertising.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.dmtry.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.bluekai.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.bluekai.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.bidswitch.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.demdex.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.dpm.demdex.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
tap-t.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
tap.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.259371023.log.optimizely.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.m6r.eu [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.mookie1.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.geo-um.btrll.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.lijit.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.liverail.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.liverail.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.eyeota.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.w55c.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.mookie1.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.mathtag.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
tap2-cdn.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.gwallet.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.turn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.pixel.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.turn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adaptv.advertising.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rlcdn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.turn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.taboola.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.taboola.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
trc.taboola.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.m6r.eu [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.tidaltv.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.teads.tv [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.teads.tv [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.bidswitch.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.exelator.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.addthis.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adform.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.criteo.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.simpli.fi [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.turn.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.addthis.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.mathtag.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.sxp.smartclip.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.adnxs.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.mathtag.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.viglink.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.rubiconproject.com [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]
.w55c.net [ C:\USERS\FRITHJOF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW2M87OJ.DEFAULT-1466081700507\COOKIES.SQLITE ]

============
End of Log
============

Juliet
2016-07-02, 21:10
Generally spoken I have thr feeling computer is faster again, problems with outlook are gone, same with browsing or chatting with skype. Finally I think computer works much better.

Good deal.

I think your good to go.

DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~`

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Juliet
2016-07-07, 20:09
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.