Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
IE und Firefox komplett mit Werbung verbannert

IE und Firefox komplett mit Werbung verbannert


Plagegeister aller Art und deren Bekämpfung: IE und Firefox komplett mit Werbung verbannert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.12.2014, 00:00   #1
omg noop
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Hab das grauslige Prob, dass IE und Mozilla mit Werbung komplett verbannert wird. McAfee blockt wohl die Anzeigen, doch massenweise kommen die Anzeigen durch. Auch Verlinkungen, Vorschläge wenn man mit der Maus drüber geht uvm.

Kann mir bitte jemand helfen, steh komplett am Berg.

Alt 06.12.2014, 00:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 06.12.2014, 00:14   #3
omg noop
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Philip Weiss at 2014-12-06 00:09:46
Running from C:\Users\Philip Weiss\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.)
AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
Alienware Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
BetterMarkIt (HKLM-x32\...\894D568D-DD4C-E979-9A60-94E3C4A52373) (Version:  - BetterMarkIt-software) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FreeCAD 0.14 - A free open source CAD system (HKLM-x32\...\FreeCAD 0.14) (Version: 0.14.3700 - Juergen Riegel)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Photosmart 7510 series - Grundlegende Software für das Gerät (HKLM\...\{9C6AEF56-1684-4D12-A060-BFDD71D105C0}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Hilfe (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Macromedia Flash 5 (HKLM-x32\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1031-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1429 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NVIDIA 3D Vision Treiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Open Workbench (HKLM-x32\...\{1E9A9E08-0366-45EE-9B66-51852F8D9812}) (Version: 1.1.6 - CA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.209 - Search Protect) <==== ATTENTION
Studie zur Verbesserung von HP Photosmart 7510 series Produkten (HKLM\...\{54FFCA2E-6FAE-4154-B6B3-73776763F173}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\BetterMarkIt Update.job => ?
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => ?
Task: C:\Windows\Tasks\LKAEVT.job => ?
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => ?
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => ?
Task: C:\Windows\Tasks\ZEDI.job => ?

==================== Loaded Modules (whitelisted) =============

2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Desk 365 => "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-3861434528-3431555863-1564601657-500 - Administrator - Disabled)
Gast (S-1-5-21-3861434528-3431555863-1564601657-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3861434528-3431555863-1564601657-1003 - Limited - Enabled)
Nora Weiss (S-1-5-21-3861434528-3431555863-1564601657-1004 - Limited - Enabled) => C:\Users\Nora Weiss
Ph.Weiss (S-1-5-21-3861434528-3431555863-1564601657-1001 - Administrator - Enabled) => C:\Users\Ph.Weiss
Philip Weiss (S-1-5-21-3861434528-3431555863-1564601657-1005 - Limited - Enabled) => C:\Users\Philip Weiss
UpdatusUser (S-1-5-21-3861434528-3431555863-1564601657-1000 - Limited - Enabled) => C:\Users\TEMP
Ursula (S-1-5-21-3861434528-3431555863-1564601657-1006 - Limited - Enabled) => C:\Users\Ursula

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1502 802.11b/g/n
Description: Dell Wireless 1502 802.11b/g/n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2014 05:52:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {9473af44-c3fb-4b2c-99c3-a66380f1a042}

Error: (12/03/2014 03:46:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KHALMNPR.EXE, Version: 5.80.4.0, Zeitstempel: 0x5330b495
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x160
Startzeit der fehlerhaften Anwendung: 0xKHALMNPR.EXE0
Pfad der fehlerhaften Anwendung: KHALMNPR.EXE1
Pfad des fehlerhaften Moduls: KHALMNPR.EXE2
Berichtskennung: KHALMNPR.EXE3

Error: (12/03/2014 02:24:09 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Excel: Rejected Safe Mode action : Sie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Excel.

Error: (12/03/2014 02:24:08 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Excel: Rejected Safe Mode action : Sie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Excel.

Error: (12/02/2014 10:54:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {d7679e90-7c72-46be-92f7-a42d963de825}

Error: (11/30/2014 05:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.3.0.322, Zeitstempel: 0x52b21807
Name des fehlerhaften Moduls: core.dll, Version: 2.3.0.322, Zeitstempel: 0x52b263f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000323a
ID des fehlerhaften Prozesses: 0x1de0
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3

Error: (11/28/2014 10:44:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {2bcff8c6-e2dd-4f87-b040-6bb4b578c74f}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {5ff06fbe-510a-4723-85c1-f2566e2257b6}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2cdd82db-54dc-466b-924b-8269bad041c6}

Error: (11/25/2014 03:21:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/02/2014 05:27:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.

Error: (12/02/2014 05:26:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}


Microsoft Office Sessions:
=========================
Error: (12/05/2014 05:52:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {9473af44-c3fb-4b2c-99c3-a66380f1a042}

Error: (12/03/2014 03:46:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KHALMNPR.EXE5.80.4.05330b495ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410216001d00cbd6e328f52C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Windows\SYSTEM32\ntdll.dll39cfc034-7afb-11e4-b50c-848f69f58c2e

Error: (12/03/2014 02:24:09 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft ExcelSie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?

Error: (12/03/2014 02:24:08 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft ExcelSie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?

Error: (12/02/2014 10:54:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {d7679e90-7c72-46be-92f7-a42d963de825}

Error: (11/30/2014 05:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.3.0.32252b21807core.dll2.3.0.32252b263f3c00000050000323a1de001d00cbd842ea415C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\core\core.dllc3bfae6f-78b0-11e4-b50c-848f69f58c2e

Error: (11/28/2014 10:44:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {2bcff8c6-e2dd-4f87-b040-6bb4b578c74f}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {5ff06fbe-510a-4723-85c1-f2566e2257b6}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2cdd82db-54dc-466b-924b-8269bad041c6}

Error: (11/25/2014 03:21:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-11-01 14:23:08.141
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:08.086
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:03.709
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:03.211
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.894
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.784
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.734
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.674
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.624
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 74%
Total physical RAM: 8090.25 MB
Available physical RAM: 2046.52 MB
Total Pagefile: 16178.69 MB
Available Pagefile: 7845.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.32 GB) (Free:844.55 GB) NTFS
Drive f: (Elements) (Fixed) (Total:298.09 GB) (Free:262.46 GB) NTFS
Drive g: (Externer_HD) (Fixed) (Total:115.04 GB) (Free:106.81 GB) NTFS

==================== MBR & Partition Table ==================

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Philip Weiss (ATTENTION: The logged in user is not administrator) on BÜRO on 06-12-2014 00:09:16
Running from C:\Users\Philip Weiss\Downloads
Loaded Profiles: Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast (Available profiles: UpdatusUser & Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\MsSpellCheckingFacility.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {7cc132d0-49f8-11e3-aa7e-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {a1210922-3f40-11e3-b8d5-848f69f58c2e} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {d4eb64fc-2808-11e4-9b6f-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {fd5bdf0d-61c7-11e4-be42-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8794327E05DECE01
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3861434528-3431555863-1564601657-1000.bak] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3861434528-3431555863-1564601657-1001] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3861434528-3431555863-1564601657-1004] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3861434528-3431555863-1564601657-1006] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3861434528-3431555863-1564601657-501] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: BetterMarkIt -> {55B1147E-3B17-AED1-F0BF-CF903C461319} -> C:\Program Files (x86)\ver9BetterMarkIt\181_x64.dll ()
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: BetterMarkIt -> {55B1147E-3B17-AED1-F0BF-CF903C461319} -> C:\Program Files (x86)\ver9BetterMarkIt\181.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: TheTorntv V10 - C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-22]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [13168 2012-06-18] (Alienware)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3056960 2014-11-10] (Search Protect)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-05] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-10-26] (Corsica)
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 23:48 - 2014-12-05 23:48 - 00031408 _____ () C:\Users\Philip Weiss\Downloads\Addition.txt
2014-12-05 23:47 - 2014-12-06 00:09 - 00022669 _____ () C:\Users\Philip Weiss\Downloads\FRST.txt
2014-12-05 23:47 - 2014-12-06 00:09 - 00000000 ____D () C:\FRST
2014-12-05 23:46 - 2014-12-05 23:46 - 02117632 _____ (Farbar) C:\Users\Philip Weiss\Downloads\FRST64.exe
2014-12-04 20:02 - 2014-12-04 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Roaming\Apple Computer
2014-11-30 17:45 - 2014-11-30 17:45 - 00000000 ____D () C:\Users\Nora Weiss\.android
2014-11-24 20:24 - 2014-11-24 20:24 - 00000000 __SHD () C:\Users\Philip Weiss\AppData\Local\EmieBrowserModeList
2014-11-24 20:16 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-24 20:16 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-24 20:16 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-24 20:16 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-11 21:20 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:20 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:20 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:20 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:20 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:20 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:20 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:20 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:20 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:20 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:20 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:20 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:20 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:20 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:20 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:20 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:20 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:20 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:20 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:20 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:20 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:20 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:20 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:20 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:20 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:20 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:20 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:20 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:20 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:20 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:20 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:20 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:20 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:20 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:20 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:20 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:20 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:20 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:20 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:20 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:20 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:20 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:20 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:20 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:20 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:20 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:20 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:20 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:20 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:20 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:20 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:20 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:20 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:20 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:20 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:20 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:20 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:20 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:20 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:20 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:20 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:20 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:20 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:20 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:20 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:20 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:20 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:20 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:16 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:16 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:16 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:16 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:15 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:15 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:15 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:15 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 21:15 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:15 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:15 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:15 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 23:53 - 2014-11-24 20:09 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\HTC MediaHub
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\Documents\HTC
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\Apple Computer
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Apple Computer
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\.android
2014-11-10 23:52 - 2014-11-10 23:52 - 00002033 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-11-10 23:51 - 2014-11-10 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-11-10 23:51 - 2014-11-10 23:51 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-11-10 23:47 - 2014-11-10 23:51 - 00037272 _____ () C:\Windows\DPINST.LOG
2014-11-10 23:47 - 2014-11-10 23:47 - 00000000 ____D () C:\ProgramData\HTC
2014-11-10 23:42 - 2014-11-10 23:42 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 00:05 - 2013-10-27 20:51 - 00000394 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-12-06 00:00 - 2013-10-27 20:51 - 00000536 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-05 23:50 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 23:50 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 23:24 - 2014-11-02 13:32 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-12-05 23:22 - 2012-10-20 22:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 22:34 - 2014-10-26 16:34 - 00004484 _____ () C:\Windows\Tasks\2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4.job
2014-12-05 20:11 - 2012-10-21 06:03 - 01484536 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 16:26 - 2014-10-26 16:36 - 00000430 _____ () C:\Windows\Tasks\BetterMarkIt Update.job
2014-12-05 02:00 - 2013-12-01 16:54 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Adobe
2014-12-04 20:02 - 2014-04-22 21:42 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-12-03 14:26 - 2012-10-21 05:41 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-03 14:26 - 2012-10-21 05:41 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-03 14:26 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 14:01 - 2014-04-12 07:17 - 00103920 _____ () C:\Users\Ursula\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 17:50 - 2013-11-02 12:03 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-30 17:48 - 2014-04-12 07:18 - 00000000 ____D () C:\Users\Ursula\AppData\Local\Htc
2014-11-30 17:48 - 2014-02-17 06:03 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Htc
2014-11-30 17:45 - 2013-11-03 11:16 - 00000000 ____D () C:\Users\Nora Weiss
2014-11-25 22:22 - 2012-10-20 22:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 22:22 - 2012-10-20 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 03:18 - 2013-12-05 20:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-25 03:18 - 2012-10-20 22:37 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-11-25 03:17 - 2014-11-01 12:06 - 00008347 _____ () C:\Windows\setupact.log
2014-11-25 03:17 - 2014-11-01 12:05 - 00020542 _____ () C:\Windows\PFRO.log
2014-11-25 03:17 - 2014-04-22 21:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-25 03:17 - 2012-10-21 06:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-25 03:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 12:16 - 2014-10-26 16:35 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-16 12:16 - 2014-04-22 21:16 - 00000644 _____ () C:\Windows\wininit.ini
2014-11-16 12:11 - 2013-12-24 23:50 - 00000000 ____D () C:\Users\Gast
2014-11-12 04:20 - 2014-04-22 21:34 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-12 03:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:34 - 2014-10-03 19:58 - 00000000 ____D () C:\Users\TEMP
2014-11-12 03:24 - 2013-10-27 20:48 - 00000000 ____D () C:\Users\Ph.Weiss
2014-11-12 03:22 - 2009-07-14 05:45 - 05078088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:19 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:03 - 2013-11-03 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:01 - 2013-11-03 11:05 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 23:54 - 2014-02-17 06:02 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HTC
2014-11-10 23:53 - 2013-11-06 20:23 - 00103920 _____ () C:\Users\Philip Weiss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 23:53 - 2013-11-06 20:22 - 00000000 ____D () C:\Users\Philip Weiss
2014-11-10 23:52 - 2014-02-16 14:19 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-11-10 23:49 - 2012-10-20 22:38 - 00000000 ____D () C:\Temp
2014-11-10 23:41 - 2013-11-06 20:22 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\Adobe
2014-11-10 23:14 - 2013-11-10 12:14 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HpUpdate

Some content of TEMP:
====================
C:\Users\Philip Weiss\AppData\Local\Temp\jna7382536261128028260.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Dies waren die richtigen Files?

Übrigens VIELEN DANK für die promte Hilfestellung!
__________________
Alt 06.12.2014, 00:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Was ist denn mit meiner Frage nach bisherigen Virenfunden?

Zitat:
Ran by Philip Weiss (ATTENTION: The logged in user is not administrator) on BÜRO on 06-12-2014 00:09:16
Running from C:\Users\Philip Weiss\Downloads
1. brauchen alle unserer Tools Adminrechte
2. Hostname=BÜRO? Ist das ein gewebrlich gentuztes System?
3. Anleitungen bitte richtig lesen und umsetzen, Tool wie FRST sollen auf den Desktop, nicht nach Downloads
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.12.2014, 00:25   #5
omg noop
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


kp wo ich die letzten funde von McAfee finden kann....
nein, Büro ist lediglich mein PC, der hat keine Verbindungen in einem Netzwerk zu einer Firma oder sonst was.

soll ich mich als admin einloggen?


Alt 06.12.2014, 00:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Gib dem betroffenen Benutzer Adminrechte und erstell die Logs neu
__________________
--> IE und Firefox komplett mit Werbung verbannert

Alt 06.12.2014, 00:39   #7
omg noop
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


hab mich nun als admin angemeldet, ist für mich einiges einfacher.
files kommen gleich

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Ph.Weiss at 2014-12-06 00:37:06
Running from C:\Users\Ph.Weiss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L8PGY9TB
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.)
AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
Alienware Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
BetterMarkIt (HKLM-x32\...\894D568D-DD4C-E979-9A60-94E3C4A52373) (Version:  - BetterMarkIt-software) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FreeCAD 0.14 - A free open source CAD system (HKLM-x32\...\FreeCAD 0.14) (Version: 0.14.3700 - Juergen Riegel)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Photosmart 7510 series - Grundlegende Software für das Gerät (HKLM\...\{9C6AEF56-1684-4D12-A060-BFDD71D105C0}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Hilfe (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Macromedia Flash 5 (HKLM-x32\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1031-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1429 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NVIDIA 3D Vision Treiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Open Workbench (HKLM-x32\...\{1E9A9E08-0366-45EE-9B66-51852F8D9812}) (Version: 1.1.6 - CA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.209 - Search Protect) <==== ATTENTION
Studie zur Verbesserung von HP Photosmart 7510 series Produkten (HKLM\...\{54FFCA2E-6FAE-4154-B6B3-73776763F173}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-11-2014 18:24:10 Windows Update
10-11-2014 22:14:57 Windows Update
12-11-2014 02:00:12 Windows Update
24-11-2014 19:16:40 Windows Update
25-11-2014 02:00:12 Windows Update
28-11-2014 21:44:44 Windows Update
02-12-2014 09:54:18 Windows Update
05-12-2014 16:52:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26F4EA07-A4A2-418F-B0D4-2F5FF098E540} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {3440E375-5496-42FA-BCBB-9FC4F965005F} - System32\Tasks\AdobeAAMUpdater-1.0-Büro-Philip Weiss => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {3577A8A4-5CCC-4768-A3D4-317D8212600E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {3AFF276E-3F27-4AD0-AF7A-5FE2C6039D75} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {4E9EFF7E-70D3-42F0-9233-B2C0B74465E2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {52F42211-FEB0-4735-AB69-94691543E207} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5699D7C2-C94D-45E9-9D58-3A7BC0FD58EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6D09C1DE-0A10-4869-9306-66B0E600E66D} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\AlienAutopsy\pcdrcui.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {72712FD6-5966-44CD-B92F-59CC35234F42} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {731D3136-17A1-4C2A-BF5F-44EE3A2A9B0B} - System32\Tasks\BetterMarkIt Update => C:\Program Files (x86)\ver9BetterMarkIt\o3BetterMarkIte87.exe [2014-10-26] () <==== ATTENTION
Task: {882C088C-BE16-4A13-988A-551CD154844B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {A910D3F4-A5F8-4B8C-A83D-92AB82D71CA4} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {B6F6E052-CD47-4DB2-B178-EC04EAD05E70} - System32\Tasks\2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4 => C:\Program Files (x86)\TheTorntv V10\2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4.job => C:\Program Files (x86)\TheTorntv V10\2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BetterMarkIt Update.job => C:\Program Files (x86)\ver9BetterMarkIt\o3BetterMarkIte87.exe <==== ATTENTION
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\LKAEVT.job => C:\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\AlienAutopsy\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\AlienAutopsy\pcdrcui.exe
Task: C:\Windows\Tasks\ZEDI.job => C:\Users\Philip Weiss\AppData\Roaming\ZEDI.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-10-13 15:31 - 2014-10-13 15:31 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-03-22 06:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-21 06:05 - 2013-08-09 21:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-04-13 19:11 - 2010-04-13 19:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2013-12-13 12:20 - 2013-12-13 12:20 - 04696432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-11-03 11:04 - 2014-11-03 11:04 - 00083312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
2012-10-20 22:38 - 2012-01-26 21:49 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-12-14 02:07 - 2011-12-14 02:07 - 00479232 _____ () C:\Program Files\AlienAutopsy\libAsapiCSharp.dll
2011-12-14 02:07 - 2011-12-14 02:07 - 00011776 _____ () C:\Program Files\AlienAutopsy\libGapiCSharp.dll
2011-12-14 02:07 - 2011-12-14 02:07 - 00094208 _____ () C:\Program Files\AlienAutopsy\libCSharpCommonCS.dll
2011-12-14 02:07 - 2011-12-14 02:07 - 00036864 _____ () C:\Program Files\AlienAutopsy\libDataStoreCSharp.dll
2011-12-14 02:07 - 2011-12-14 02:07 - 00081920 _____ () C:\Program Files\AlienAutopsy\libTonopahClientCSharp.dll
2014-10-26 16:35 - 2014-10-26 16:35 - 00554496 _____ () C:\Program Files (x86)\ver9BetterMarkIt\o3BetterMarkIte87.exe
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-10-20 22:31 - 2012-03-06 14:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-19 10:49 - 2013-12-19 10:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00109056 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00010240 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
1997-01-17 00:00 - 1997-01-17 00:00 - 00022016 _____ () C:\Windows\SysWow64\docobj.dll
1997-01-17 00:00 - 1997-01-17 00:00 - 00012288 _____ () C:\Windows\SysWow64\hlinkprx.dll
2014-09-04 13:50 - 2014-09-04 13:50 - 00312832 _____ () C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU
2014-11-03 11:07 - 2014-11-03 11:07 - 00170352 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ResourceMgt.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00162152 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\CrashRpt.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00522616 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManagerLib.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00117104 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\WebKitBrowser.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 21281120 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\WebKit.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 01046880 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\cairo.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00190816 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\libpng.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 03041648 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\JavaScriptCore.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00776544 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\CFLite.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 01349984 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\icuuc.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 21973352 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\icudt48.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00058728 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\pthreadVC2.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 01153384 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\libxml2.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00444776 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ProfileMgt.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00424320 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientLiteDll.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 04028808 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\DesktopClientCppLib_vc80.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00133480 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DeviceMgt.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00227680 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\WPDEnc.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00207216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\WifiDeviceMgt.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00203128 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\AndroidPlaylist.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00016240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\FilePlugin_Cnt.Dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00019304 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\GroupMgt.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00829800 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\Plugins\npplayer.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00239992 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DesktopClient\desktopclientlib.dll
2014-06-20 05:08 - 2014-11-24 20:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-26 06:24 - 2014-06-26 06:24 - 00612664 _____ () C:\Program Files (x86)\ver9BetterMarkIt\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Desk 365 => "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-3861434528-3431555863-1564601657-500 - Administrator - Disabled)
Gast (S-1-5-21-3861434528-3431555863-1564601657-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3861434528-3431555863-1564601657-1003 - Limited - Enabled)
Nora Weiss (S-1-5-21-3861434528-3431555863-1564601657-1004 - Limited - Enabled) => C:\Users\Nora Weiss
Ph.Weiss (S-1-5-21-3861434528-3431555863-1564601657-1001 - Administrator - Enabled) => C:\Users\Ph.Weiss
Philip Weiss (S-1-5-21-3861434528-3431555863-1564601657-1005 - Limited - Enabled) => C:\Users\Philip Weiss
UpdatusUser (S-1-5-21-3861434528-3431555863-1564601657-1000 - Limited - Enabled) => C:\Users\TEMP
Ursula (S-1-5-21-3861434528-3431555863-1564601657-1006 - Limited - Enabled) => C:\Users\Ursula

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1502 802.11b/g/n
Description: Dell Wireless 1502 802.11b/g/n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2014 00:30:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KHALMNPR.EXE, Version: 5.80.4.0, Zeitstempel: 0x5330b495
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x2344
Startzeit der fehlerhaften Anwendung: 0xKHALMNPR.EXE0
Pfad der fehlerhaften Anwendung: KHALMNPR.EXE1
Pfad des fehlerhaften Moduls: KHALMNPR.EXE2
Berichtskennung: KHALMNPR.EXE3

Error: (12/05/2014 05:52:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {9473af44-c3fb-4b2c-99c3-a66380f1a042}

Error: (12/03/2014 03:46:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KHALMNPR.EXE, Version: 5.80.4.0, Zeitstempel: 0x5330b495
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x160
Startzeit der fehlerhaften Anwendung: 0xKHALMNPR.EXE0
Pfad der fehlerhaften Anwendung: KHALMNPR.EXE1
Pfad des fehlerhaften Moduls: KHALMNPR.EXE2
Berichtskennung: KHALMNPR.EXE3

Error: (12/03/2014 02:24:09 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Excel: Rejected Safe Mode action : Sie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Excel.

Error: (12/03/2014 02:24:08 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Excel: Rejected Safe Mode action : Sie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Excel.

Error: (12/02/2014 10:54:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {d7679e90-7c72-46be-92f7-a42d963de825}

Error: (11/30/2014 05:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.3.0.322, Zeitstempel: 0x52b21807
Name des fehlerhaften Moduls: core.dll, Version: 2.3.0.322, Zeitstempel: 0x52b263f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000323a
ID des fehlerhaften Prozesses: 0x1de0
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3

Error: (11/28/2014 10:44:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {2bcff8c6-e2dd-4f87-b040-6bb4b578c74f}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {5ff06fbe-510a-4723-85c1-f2566e2257b6}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2cdd82db-54dc-466b-924b-8269bad041c6}


System errors:
=============
Error: (12/06/2014 00:31:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}

Error: (12/02/2014 05:27:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/02/2014 05:26:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht.


Microsoft Office Sessions:
=========================
Error: (12/06/2014 00:30:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: KHALMNPR.EXE5.80.4.05330b495ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102234401d00cbd842ea415C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Windows\SYSTEM32\ntdll.dlla8c2f895-7cd6-11e4-b50c-848f69f58c2e

Error: (12/05/2014 05:52:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {9473af44-c3fb-4b2c-99c3-a66380f1a042}

Error: (12/03/2014 03:46:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KHALMNPR.EXE5.80.4.05330b495ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410216001d00cbd6e328f52C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Windows\SYSTEM32\ntdll.dll39cfc034-7afb-11e4-b50c-848f69f58c2e

Error: (12/03/2014 02:24:09 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft ExcelSie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?

Error: (12/03/2014 02:24:08 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft ExcelSie halten die STRG-TASTE gedrückt. Möchten Sie Excel im abgesicherten Modus starten?

Error: (12/02/2014 10:54:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {d7679e90-7c72-46be-92f7-a42d963de825}

Error: (11/30/2014 05:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Creative Cloud.exe2.3.0.32252b21807core.dll2.3.0.32252b263f3c00000050000323a1de001d00cbd842ea415C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\core\core.dllc3bfae6f-78b0-11e4-b50c-848f69f58c2e

Error: (11/28/2014 10:44:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {2bcff8c6-e2dd-4f87-b040-6bb4b578c74f}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-3861434528-3431555863-1564601657-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {5ff06fbe-510a-4723-85c1-f2566e2257b6}

Error: (11/25/2014 03:21:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2cdd82db-54dc-466b-924b-8269bad041c6}


CodeIntegrity Errors:
===================================
  Date: 2014-11-01 14:23:08.141
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:08.086
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:03.709
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:03.211
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.894
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.784
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.734
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.674
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.624
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 66%
Total physical RAM: 8090.25 MB
Available physical RAM: 2746.25 MB
Total Pagefile: 16178.69 MB
Available Pagefile: 8375.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.32 GB) (Free:844.12 GB) NTFS
Drive f: (Elements) (Fixed) (Total:298.09 GB) (Free:262.46 GB) NTFS
Drive g: (Externer_HD) (Fixed) (Total:115.04 GB) (Free:106.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0B547854)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00061ADE)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 115 GB) (Disk ID: 97101FF8)
Partition 1: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Ph.Weiss (administrator) on BÜRO on 06-12-2014 00:36:04
Running from C:\Users\Ph.Weiss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L8PGY9TB
Loaded Profiles: Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast (Available profiles: UpdatusUser & Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Search Protect) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\MsSpellCheckingFacility.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(PC-Doctor, Inc.) C:\Program Files\AlienAutopsy\pcdrcui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
() C:\Program Files (x86)\ver9BetterMarkIt\o3BetterMarkIte87.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Run: [TornTv Downloader] => C:\Users\Ph.Weiss\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\RunOnce: [Uninstall C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\MountPoints2: {d4eb64fc-2808-11e4-9b6f-848f69f58c2e} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\...\MountPoints2: {d4eb64fc-2808-11e4-9b6f-848f69f58c2e} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {7cc132d0-49f8-11e3-aa7e-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {a1210922-3f40-11e3-b8d5-848f69f58c2e} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {d4eb64fc-2808-11e4-9b6f-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {fd5bdf0d-61c7-11e4-be42-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 7510 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 7510 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Ph.Weiss\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-3861434528-3431555863-1564601657-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB8A1A0DC7ED8CE01
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8794327E05DECE01
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2290B7B90BDBCF01
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKU\S-1-5-21-3861434528-3431555863-1564601657-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-ch/?ocid=iehp
HKU\S-1-5-21-3861434528-3431555863-1564601657-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8313AE58E01D001
HKU\S-1-5-21-3861434528-3431555863-1564601657-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M34A5F773-B446-4738-9062-E6263996BFA7&SearchSource=58&CUI=&UM=2&UP=SP36F97472-1A19-48C6-9CC3-E19BC59371B7&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M34A5F773-B446-4738-9062-E6263996BFA7&SearchSource=58&CUI=&UM=2&UP=SP36F97472-1A19-48C6-9CC3-E19BC59371B7&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001 -> {2EA3D482-9B39-4607-AA50-D4B4239AB3DA} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: BetterMarkIt -> {55B1147E-3B17-AED1-F0BF-CF903C461319} -> C:\Program Files (x86)\ver9BetterMarkIt\181_x64.dll ()
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: BetterMarkIt -> {55B1147E-3B17-AED1-F0BF-CF903C461319} -> C:\Program Files (x86)\ver9BetterMarkIt\181.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M34A5F773-B446-4738-9062-E6263996BFA7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP36F97472-1A19-48C6-9CC3-E19BC59371B7
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M34A5F773-B446-4738-9062-E6263996BFA7&SearchSource=55&CUI=&UM=2&UP=SP36F97472-1A19-48C6-9CC3-E19BC59371B7&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3861434528-3431555863-1564601657-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\user.js
FF SearchPlugin: C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\searchplugins\trovi-search.xml
FF Extension: TheTorntv V10 - C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-22]
FF HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Firefox\Extensions: [{BE0CA9DB-3581-BB94-42A6-BD0A2ED1AA2B}] - C:\Program Files (x86)\ver9BetterMarkIt\181.xpi
FF Extension: BetterMarkIt - C:\Program Files (x86)\ver9BetterMarkIt\181.xpi [2014-10-26]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [13168 2012-06-18] (Alienware)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3056960 2014-11-10] (Search Protect)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-05] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-10-26] (Corsica)
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 00:33 - 2014-12-06 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-06 00:32 - 2014-12-06 00:32 - 00000000 __SHD () C:\Users\Ph.Weiss\AppData\Local\EmieBrowserModeList
2014-12-05 23:48 - 2014-12-06 00:09 - 00031408 _____ () C:\Users\Philip Weiss\Downloads\Addition.txt
2014-12-05 23:47 - 2014-12-06 00:36 - 00000000 ____D () C:\FRST
2014-12-05 23:47 - 2014-12-06 00:09 - 00042113 _____ () C:\Users\Philip Weiss\Downloads\FRST.txt
2014-12-05 23:46 - 2014-12-05 23:46 - 02117632 _____ (Farbar) C:\Users\Philip Weiss\Downloads\FRST64.exe
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\Documents\HTC
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Roaming\Apple Computer
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Local\HTC MediaHub
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Local\Apple Computer
2014-11-30 17:45 - 2014-11-30 17:45 - 00000000 ____D () C:\Users\Nora Weiss\.android
2014-11-24 20:24 - 2014-11-24 20:24 - 00000000 __SHD () C:\Users\Philip Weiss\AppData\Local\EmieBrowserModeList
2014-11-24 20:16 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-24 20:16 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-24 20:16 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-24 20:16 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 12:17 - 2014-11-16 12:17 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-11-16 12:17 - 2014-11-16 12:17 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-11-16 12:17 - 2014-11-16 12:17 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieBrowserModeList
2014-11-16 12:12 - 2014-11-16 12:12 - 00103920 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\Documents\HTC
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\HTC MediaHub
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer
2014-11-16 12:11 - 2014-11-16 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\SearchProtect
2014-11-16 12:11 - 2014-11-16 12:11 - 00000000 ____D () C:\Users\Gast\.android
2014-11-11 21:20 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:20 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:20 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:20 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:20 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:20 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:20 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:20 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:20 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:20 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:20 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:20 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:20 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:20 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:20 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:20 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:20 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:20 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:20 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:20 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:20 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:20 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:20 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:20 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:20 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:20 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:20 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:20 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:20 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:20 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:20 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:20 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:20 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:20 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:20 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:20 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:20 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:20 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:20 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:20 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:20 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:20 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:20 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:20 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:20 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:20 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:20 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:20 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:20 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:20 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:20 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:20 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:20 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:20 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:20 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:20 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:20 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:20 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:20 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:20 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:20 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:20 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:20 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:20 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:20 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:20 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:20 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:20 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:16 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:16 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:16 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:16 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:15 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:15 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:15 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:15 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 21:15 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:15 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:15 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:15 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 23:53 - 2014-12-06 00:33 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\HTC MediaHub
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\Documents\HTC
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\Apple Computer
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Apple Computer
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\.android
2014-11-10 23:52 - 2014-11-10 23:52 - 00002033 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-11-10 23:51 - 2014-11-10 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-11-10 23:51 - 2014-11-10 23:51 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-11-10 23:47 - 2014-11-10 23:51 - 00037272 _____ () C:\Windows\DPINST.LOG
2014-11-10 23:47 - 2014-11-10 23:47 - 00000000 ____D () C:\ProgramData\HTC
2014-11-10 23:42 - 2014-11-10 23:42 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 00:33 - 2014-10-26 16:36 - 00000430 _____ () C:\Windows\Tasks\BetterMarkIt Update.job
2014-12-06 00:33 - 2014-04-22 21:42 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-12-06 00:33 - 2013-10-27 20:51 - 00003418 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-12-06 00:33 - 2013-10-27 20:51 - 00000536 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-06 00:33 - 2013-10-27 20:51 - 00000394 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-12-06 00:33 - 2012-10-21 05:41 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-06 00:33 - 2012-10-21 05:41 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-06 00:33 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 00:32 - 2013-10-27 20:49 - 00103920 _____ () C:\Users\Ph.Weiss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-06 00:31 - 2014-11-01 12:06 - 00009363 _____ () C:\Windows\setupact.log
2014-12-06 00:31 - 2014-09-01 09:18 - 00001171 _____ () C:\Users\Philip Weiss\AppData\Roaming\LKAEVT
2014-12-06 00:31 - 2014-09-01 09:18 - 00000365 _____ () C:\Users\Philip Weiss\AppData\Roaming\ZEDI
2014-12-06 00:31 - 2014-02-16 15:12 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\Htc
2014-12-06 00:31 - 2012-10-20 22:46 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-06 00:31 - 2012-10-20 22:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-06 00:31 - 2012-10-20 22:37 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-12-06 00:30 - 2014-10-26 16:36 - 00010716 _____ () C:\Windows\patsearch.bin
2014-12-06 00:30 - 2014-10-26 16:34 - 00004484 _____ () C:\Windows\Tasks\2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4.job
2014-12-06 00:30 - 2012-10-21 06:03 - 01484628 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 00:24 - 2014-11-02 13:32 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-12-06 00:22 - 2012-10-20 22:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 23:50 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 23:50 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 02:00 - 2013-12-01 16:54 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Adobe
2014-12-03 14:01 - 2014-04-12 07:17 - 00103920 _____ () C:\Users\Ursula\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 17:50 - 2013-11-02 12:03 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-30 17:48 - 2014-04-12 07:18 - 00000000 ____D () C:\Users\Ursula\AppData\Local\Htc
2014-11-30 17:48 - 2014-02-17 06:03 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Htc
2014-11-30 17:46 - 2014-03-22 13:09 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Local\Htc
2014-11-30 17:46 - 2013-12-08 11:01 - 00103920 _____ () C:\Users\Nora Weiss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 17:45 - 2013-11-03 11:16 - 00000000 ____D () C:\Users\Nora Weiss
2014-11-25 22:22 - 2012-10-20 22:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 22:22 - 2012-10-20 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 22:22 - 2012-10-20 22:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 03:18 - 2013-12-05 20:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-25 03:17 - 2014-11-01 12:05 - 00020542 _____ () C:\Windows\PFRO.log
2014-11-25 03:17 - 2014-04-22 21:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-25 03:17 - 2012-10-21 06:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-25 03:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 12:16 - 2014-10-26 16:35 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-16 12:16 - 2014-04-22 21:16 - 00000644 _____ () C:\Windows\wininit.ini
2014-11-16 12:12 - 2014-04-12 07:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Htc
2014-11-16 12:11 - 2013-12-24 23:50 - 00000000 ____D () C:\Users\Gast
2014-11-12 04:20 - 2014-04-22 21:34 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-12 03:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:34 - 2014-10-03 19:58 - 00000000 ____D () C:\Users\TEMP
2014-11-12 03:24 - 2013-10-27 20:48 - 00000000 ____D () C:\Users\Ph.Weiss
2014-11-12 03:22 - 2009-07-14 05:45 - 05078088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:19 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:03 - 2013-11-03 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:01 - 2013-11-03 11:05 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 23:54 - 2014-02-17 06:02 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HTC
2014-11-10 23:53 - 2013-11-06 20:23 - 00103920 _____ () C:\Users\Philip Weiss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 23:53 - 2013-11-06 20:22 - 00000000 ____D () C:\Users\Philip Weiss
2014-11-10 23:52 - 2014-02-16 14:19 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-11-10 23:49 - 2012-10-20 22:38 - 00000000 ____D () C:\Temp
2014-11-10 23:48 - 2014-02-16 14:20 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\Downloaded Installations
2014-11-10 23:43 - 2014-08-26 14:32 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\Adobe
2014-11-10 23:41 - 2013-11-06 20:22 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\Adobe
2014-11-10 23:14 - 2013-11-10 12:14 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HpUpdate

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\SPSetup.exe
C:\Users\Ph.Weiss\AppData\Local\Temp\ICReinstall_installer_autocad_2013_2013_32bit_Deutsch.exe
C:\Users\Philip Weiss\AppData\Local\Temp\jna7382536261128028260.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 00:05

==================== End Of Log ============================
--- --- ---

--- --- ---

Alt 06.12.2014, 15:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.12.2014, 20:37   #9
omg noop
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by Ph.Weiss at 2014-12-09 20:30:04
Running from C:\Users\Ph.Weiss\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AlienAutopsy (HKLM\...\AlienAutopsy) (Version: 3.1.5907.16 - Dell Inc.)
AlienAutopsy (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
Alienware Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
BetterMarkIt (HKLM-x32\...\894D568D-DD4C-E979-9A60-94E3C4A52373) (Version:  - BetterMarkIt-software) <==== ATTENTION
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FreeCAD 0.14 - A free open source CAD system (HKLM-x32\...\FreeCAD 0.14) (Version: 0.14.3700 - Juergen Riegel)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Photosmart 7510 series - Grundlegende Software für das Gerät (HKLM\...\{9C6AEF56-1684-4D12-A060-BFDD71D105C0}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Hilfe (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Macromedia Flash 5 (HKLM-x32\...\{4C93C363-414E-11D4-9756-00C04F8EEB39}) (Version: 5 - Macromedia)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1031-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1429 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Open Workbench (HKLM-x32\...\{1E9A9E08-0366-45EE-9B66-51852F8D9812}) (Version: 1.1.6 - CA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
Studie zur Verbesserung von HP Photosmart 7510 series Produkten (HKLM\...\{54FFCA2E-6FAE-4154-B6B3-73776763F173}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-11-2014 18:24:10 Windows Update
10-11-2014 22:14:57 Windows Update
12-11-2014 02:00:12 Windows Update
24-11-2014 19:16:40 Windows Update
25-11-2014 02:00:12 Windows Update
28-11-2014 21:44:44 Windows Update
02-12-2014 09:54:18 Windows Update
05-12-2014 16:52:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26F4EA07-A4A2-418F-B0D4-2F5FF098E540} - System32\Tasks\PCDEventLauncher => C:\Program Files\AlienAutopsy\sessionchecker.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {3440E375-5496-42FA-BCBB-9FC4F965005F} - System32\Tasks\AdobeAAMUpdater-1.0-Büro-Philip Weiss => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {3577A8A4-5CCC-4768-A3D4-317D8212600E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {3914CAFA-ECD6-4EBE-B312-DC25F4E41AC8} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\AlienAutopsy\uaclauncher.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {3AFF276E-3F27-4AD0-AF7A-5FE2C6039D75} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {4E9EFF7E-70D3-42F0-9233-B2C0B74465E2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {52F42211-FEB0-4735-AB69-94691543E207} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6D09C1DE-0A10-4869-9306-66B0E600E66D} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\AlienAutopsy\pcdrcui.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {72712FD6-5966-44CD-B92F-59CC35234F42} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2011-12-14] (PC-Doctor, Inc.)
Task: {882C088C-BE16-4A13-988A-551CD154844B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {A910D3F4-A5F8-4B8C-A83D-92AB82D71CA4} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\LKAEVT.job => C:\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\AlienAutopsy\uaclauncher.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\AlienAutopsy\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\AlienAutopsy\pcdrcui.exe
Task: C:\Windows\Tasks\ZEDI.job => C:\Users\Philip Weiss\AppData\Roaming\ZEDI.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-10-21 06:05 - 2013-08-09 21:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-22 06:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-04-13 19:11 - 2010-04-13 19:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-12-13 12:20 - 2013-12-13 12:20 - 04696432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-10-20 22:38 - 2012-01-26 21:49 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-10-20 22:31 - 2012-03-06 14:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-19 10:49 - 2013-12-19 10:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00109056 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00010240 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2014-06-20 05:08 - 2014-11-24 20:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Desk 365 => "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-3861434528-3431555863-1564601657-500 - Administrator - Disabled)
Gast (S-1-5-21-3861434528-3431555863-1564601657-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3861434528-3431555863-1564601657-1003 - Limited - Enabled)
Nora Weiss (S-1-5-21-3861434528-3431555863-1564601657-1004 - Limited - Enabled) => C:\Users\Nora Weiss
Ph.Weiss (S-1-5-21-3861434528-3431555863-1564601657-1001 - Administrator - Enabled) => C:\Users\Ph.Weiss
Philip Weiss (S-1-5-21-3861434528-3431555863-1564601657-1005 - Limited - Enabled) => C:\Users\Philip Weiss
UpdatusUser (S-1-5-21-3861434528-3431555863-1564601657-1000 - Limited - Enabled) => C:\Users\TEMP
Ursula (S-1-5-21-3861434528-3431555863-1564601657-1006 - Limited - Enabled) => C:\Users\Ursula

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1502 802.11b/g/n
Description: Dell Wireless 1502 802.11b/g/n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-01 14:23:08.141
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:08.086
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:03.709
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:23:03.211
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LMouFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.894
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.784
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.734
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.674
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 14:22:59.624
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\WINDOWS\System32\drivers\LHidFilt.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8090.25 MB
Available physical RAM: 5215.48 MB
Total Pagefile: 16178.69 MB
Available Pagefile: 12528.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.32 GB) (Free:843.44 GB) NTFS
Drive f: (Elements) (Fixed) (Total:298.09 GB) (Free:262.46 GB) NTFS
Drive g: (Externer_HD) (Fixed) (Total:115.04 GB) (Free:106.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0B547854)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00061ADE)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 115 GB) (Disk ID: 97101FF8)
Partition 1: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
ATTFilter
# AdwCleaner v4.104 - Bericht erstellt am 07/12/2014 um 12:29:19
# Aktualisiert 05/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Ph.Weiss - BÜRO
# Gestartet von : C:\Users\Ph.Weiss\Downloads\AdwCleaner_4.104.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BackupStack
Dienst Gelöscht : CltMngSvc
Dienst Gelöscht : webinstrNew

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\pcdr
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Users\Gast\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Ph.Weiss\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Ph.Weiss\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Ph.Weiss\AppData\Roaming\pcdr
Ordner Gelöscht : C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Philip Weiss\AppData\Local\SearchProtect
Datei Gelöscht : C:\Windows\System32\drivers\wStLibG64.sys
Datei Gelöscht : C:\Windows\System32\drivers\webinstrNew.sys
Datei Gelöscht : C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Ph.Weiss\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\user.js

***** [ Tasks ] *****

Task Gelöscht : bettermarkit Update
Task Gelöscht : 2d6ac26f-7d47-439c-a6d6-5f6d8b152b8d-4

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\TornTv Downloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TheTorntv V10
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\better_markit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v32.0.1 (x86 de)

[g679ysgt.default-1392234617311\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M34A5F773-B446-4738-9062-E6263996BFA7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP36F97472-1A19-48C[...]
[g679ysgt.default-1392234617311\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi search");
[g679ysgt.default-1392234617311\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
[g679ysgt.default-1392234617311\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M34A5F773-B446-4738-9062-E6263996BFA7&SearchSource=55&CUI=&UM=2&UP=SP36F97472-1A19-48C6-9CC3[...]
[g679ysgt.default-1392234617311\prefs.js] - Zeile gelöscht : user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7[...]
[g679ysgt.default-1392234617311\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "1494d97661bd96a1acf35801f2f0bd33");

*************************

AdwCleaner[R0].txt - [31587 octets] - [13/09/2014 10:38:37]
AdwCleaner[R1].txt - [14010 octets] - [13/09/2014 11:36:33]
AdwCleaner[R2].txt - [13311 octets] - [13/09/2014 11:40:12]
AdwCleaner[R3].txt - [2950 octets] - [14/09/2014 19:19:16]
AdwCleaner[R4].txt - [2625 octets] - [15/09/2014 10:23:17]
AdwCleaner[R5].txt - [6724 octets] - [07/12/2014 11:56:09]
AdwCleaner[R6].txt - [6784 octets] - [07/12/2014 12:24:40]
AdwCleaner[S0].txt - [27331 octets] - [13/09/2014 11:41:01]
AdwCleaner[S1].txt - [3021 octets] - [14/09/2014 19:20:39]
AdwCleaner[S1_1].txt - [3021 octets] - [14/09/2014 19:25:13]
AdwCleaner[S2].txt - [6305 octets] - [07/12/2014 12:29:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6365 octets] ##########

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Ph.Weiss (administrator) on BÜRO on 09-12-2014 20:29:07
Running from C:\Users\Ph.Weiss\Downloads
Loaded Profiles: Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast (Available profiles: UpdatusUser & Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\RunOnce: [Uninstall C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ph.Weiss\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\MountPoints2: {d4eb64fc-2808-11e4-9b6f-848f69f58c2e} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\...\MountPoints2: {d4eb64fc-2808-11e4-9b6f-848f69f58c2e} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {7cc132d0-49f8-11e3-aa7e-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {a1210922-3f40-11e3-b8d5-848f69f58c2e} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {d4eb64fc-2808-11e4-9b6f-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\...\MountPoints2: {fd5bdf0d-61c7-11e4-be42-848f69f58c2e} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 7510 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 7510 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Ph.Weiss\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-3861434528-3431555863-1564601657-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB8A1A0DC7ED8CE01
HKU\S-1-5-21-3861434528-3431555863-1564601657-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8794327E05DECE01
HKU\S-1-5-21-3861434528-3431555863-1564601657-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2290B7B90BDBCF01
HKU\S-1-5-21-3861434528-3431555863-1564601657-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKU\S-1-5-21-3861434528-3431555863-1564601657-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-ch/?ocid=iehp
HKU\S-1-5-21-3861434528-3431555863-1564601657-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8313AE58E01D001
HKU\S-1-5-21-3861434528-3431555863-1564601657-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3861434528-3431555863-1564601657-1001 -> {2EA3D482-9B39-4607-AA50-D4B4239AB3DA} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: BetterMarkIt -> {55B1147E-3B17-AED1-F0BF-CF903C461319} -> C:\Program Files (x86)\ver9BetterMarkIt\181_x64.dll ()
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: BetterMarkIt -> {55B1147E-3B17-AED1-F0BF-CF903C461319} -> C:\Program Files (x86)\ver9BetterMarkIt\181.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3861434528-3431555863-1564601657-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: TheTorntv V10 - C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\Extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-22]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-22]
FF HKU\S-1-5-21-3861434528-3431555863-1564601657-1001\...\Firefox\Extensions: [{BE0CA9DB-3581-BB94-42A6-BD0A2ED1AA2B}] - C:\Program Files (x86)\ver9BetterMarkIt\181.xpi
FF Extension: BetterMarkIt - C:\Program Files (x86)\ver9BetterMarkIt\181.xpi [2014-10-26]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [13168 2012-06-18] (Alienware)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-05] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 20:29 - 2014-12-09 20:29 - 00028696 _____ () C:\Users\Ph.Weiss\Downloads\FRST.txt
2014-12-09 20:27 - 2014-12-09 20:27 - 00003368 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay
2014-12-09 20:27 - 2014-12-09 20:27 - 00000536 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
2014-12-09 20:27 - 2014-12-09 20:27 - 00000000 ____D () C:\ProgramData\PCDr
2014-12-09 20:25 - 2014-12-09 20:25 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 20:24 - 2014-12-09 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-09 20:21 - 2014-12-09 20:28 - 00000000 ____D () C:\Users\Ph.Weiss\Desktop\Probs
2014-12-07 14:06 - 2014-12-07 14:06 - 00000000 ____D () C:\Users\Ursula\AppData\Local\Microsoft Help
2014-12-07 12:01 - 2014-12-07 12:01 - 02119680 _____ (Farbar) C:\Users\Ph.Weiss\Downloads\FRST64.exe
2014-12-07 11:59 - 2014-12-07 11:59 - 01707646 _____ (Thisisu) C:\Users\Ph.Weiss\Downloads\JRT.exe
2014-12-07 11:56 - 2014-12-07 12:24 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-07 11:55 - 2014-12-07 11:55 - 02153472 _____ () C:\Users\Ph.Weiss\Downloads\AdwCleaner_4.104.exe
2014-12-07 11:37 - 2014-12-07 11:37 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Roaming\Apple Computer
2014-12-07 11:37 - 2014-12-07 11:37 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\Apple Computer
2014-12-07 11:36 - 2014-12-07 12:22 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\HTC MediaHub
2014-12-07 11:36 - 2014-12-07 11:36 - 00000000 ____D () C:\Users\Ph.Weiss\Documents\HTC
2014-12-06 00:32 - 2014-12-06 00:32 - 00000000 __SHD () C:\Users\Ph.Weiss\AppData\Local\EmieBrowserModeList
2014-12-05 23:48 - 2014-12-06 00:09 - 00031408 _____ () C:\Users\Philip Weiss\Downloads\Addition.txt
2014-12-05 23:47 - 2014-12-09 20:29 - 00000000 ____D () C:\FRST
2014-12-05 23:47 - 2014-12-06 00:09 - 00042113 _____ () C:\Users\Philip Weiss\Downloads\FRST.txt
2014-12-05 23:46 - 2014-12-05 23:46 - 02117632 _____ (Farbar) C:\Users\Philip Weiss\Downloads\FRST64.exe
2014-11-30 17:46 - 2014-12-07 13:41 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Local\HTC MediaHub
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\Documents\HTC
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Roaming\Apple Computer
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Local\Apple Computer
2014-11-30 17:45 - 2014-11-30 17:45 - 00000000 ____D () C:\Users\Nora Weiss\.android
2014-11-24 20:24 - 2014-11-24 20:24 - 00000000 __SHD () C:\Users\Philip Weiss\AppData\Local\EmieBrowserModeList
2014-11-24 20:16 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-24 20:16 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-24 20:16 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-24 20:16 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 12:17 - 2014-11-16 12:17 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-11-16 12:17 - 2014-11-16 12:17 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-11-16 12:17 - 2014-11-16 12:17 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieBrowserModeList
2014-11-16 12:12 - 2014-11-16 12:12 - 00103920 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\Documents\HTC
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\HTC MediaHub
2014-11-16 12:12 - 2014-11-16 12:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer
2014-11-16 12:11 - 2014-11-16 12:11 - 00000000 ____D () C:\Users\Gast\.android
2014-11-11 21:20 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:20 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:20 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:20 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:20 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:20 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:20 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:20 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:20 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:20 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:20 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:20 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:20 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:20 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:20 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:20 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:20 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:20 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:20 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:20 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:20 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:20 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:20 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:20 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:20 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:20 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:20 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:20 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:20 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:20 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:20 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:20 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:20 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:20 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:20 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:20 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:20 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:20 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:20 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:20 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:20 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:20 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:20 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:20 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:20 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:20 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:20 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:20 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:20 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:20 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:20 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:20 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:20 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:20 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:20 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:20 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:20 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:20 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:20 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:20 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:20 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:20 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:20 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:20 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:20 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:20 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:20 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:20 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:16 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:16 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:16 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:16 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:16 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:16 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:15 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:15 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:15 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:15 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 21:15 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:15 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:15 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:15 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:15 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:15 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:15 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:15 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 23:53 - 2014-12-06 00:33 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\HTC MediaHub
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\Documents\HTC
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\Apple Computer
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Apple Computer
2014-11-10 23:53 - 2014-11-10 23:53 - 00000000 ____D () C:\Users\Philip Weiss\.android
2014-11-10 23:52 - 2014-11-10 23:52 - 00002033 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-11-10 23:51 - 2014-11-10 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-11-10 23:51 - 2014-11-10 23:51 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-11-10 23:47 - 2014-11-10 23:51 - 00037272 _____ () C:\Windows\DPINST.LOG
2014-11-10 23:47 - 2014-11-10 23:47 - 00000000 ____D () C:\ProgramData\HTC
2014-11-10 23:42 - 2014-11-10 23:42 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 20:27 - 2013-10-27 20:51 - 00004236 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-12-09 20:27 - 2013-10-27 20:51 - 00000536 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-12-09 20:24 - 2014-11-02 13:32 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-12-09 20:24 - 2014-10-26 18:52 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-09 20:24 - 2014-04-22 21:42 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-12-09 20:24 - 2012-10-20 22:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-09 20:22 - 2012-10-20 22:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 20:20 - 2014-02-16 15:12 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\Htc
2014-12-09 20:20 - 2013-10-27 20:51 - 00000394 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-12-09 20:20 - 2012-10-20 22:46 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-09 20:20 - 2012-10-20 22:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-09 20:20 - 2012-10-20 22:37 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2014-12-09 11:39 - 2012-10-21 06:03 - 01563186 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 13:46 - 2012-10-21 05:41 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-07 13:46 - 2012-10-21 05:41 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-07 13:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-07 13:41 - 2014-04-12 07:18 - 00000000 ____D () C:\Users\Ursula\AppData\Local\Htc
2014-12-07 13:41 - 2014-03-22 13:09 - 00000000 ____D () C:\Users\Nora Weiss\AppData\Local\Htc
2014-12-07 12:38 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 12:38 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 12:31 - 2014-11-01 12:06 - 00009531 _____ () C:\Windows\setupact.log
2014-12-07 12:31 - 2012-10-21 06:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-07 12:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 12:30 - 2014-11-01 12:05 - 00026416 _____ () C:\Windows\PFRO.log
2014-12-07 12:29 - 2014-09-13 10:38 - 00000000 ____D () C:\AdwCleaner
2014-12-07 12:21 - 2014-10-26 16:36 - 00010716 _____ () C:\Windows\patsearch.bin
2014-12-07 11:56 - 2013-11-02 12:00 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-12-07 11:50 - 2013-10-27 20:51 - 00003418 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-12-06 00:32 - 2013-10-27 20:49 - 00103920 _____ () C:\Users\Ph.Weiss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-06 00:31 - 2014-09-01 09:18 - 00001171 _____ () C:\Users\Philip Weiss\AppData\Roaming\LKAEVT
2014-12-06 00:31 - 2014-09-01 09:18 - 00000365 _____ () C:\Users\Philip Weiss\AppData\Roaming\ZEDI
2014-12-05 02:00 - 2013-12-01 16:54 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Adobe
2014-12-03 14:01 - 2014-04-12 07:17 - 00103920 _____ () C:\Users\Ursula\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 17:50 - 2013-11-02 12:03 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-30 17:48 - 2014-02-17 06:03 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Local\Htc
2014-11-30 17:46 - 2013-12-08 11:01 - 00103920 _____ () C:\Users\Nora Weiss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 17:45 - 2013-11-03 11:16 - 00000000 ____D () C:\Users\Nora Weiss
2014-11-25 22:22 - 2012-10-20 22:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 22:22 - 2012-10-20 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 22:22 - 2012-10-20 22:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 03:18 - 2013-12-05 20:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-25 03:17 - 2014-04-22 21:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-16 12:12 - 2014-04-12 07:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Htc
2014-11-16 12:11 - 2013-12-24 23:50 - 00000000 ____D () C:\Users\Gast
2014-11-12 04:20 - 2014-04-22 21:34 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-11-12 03:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:34 - 2014-10-03 19:58 - 00000000 ____D () C:\Users\TEMP
2014-11-12 03:24 - 2013-10-27 20:48 - 00000000 ____D () C:\Users\Ph.Weiss
2014-11-12 03:22 - 2009-07-14 05:45 - 05078088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:19 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:03 - 2013-11-03 11:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:01 - 2013-11-03 11:05 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 23:54 - 2014-02-17 06:02 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HTC
2014-11-10 23:53 - 2013-11-06 20:23 - 00103920 _____ () C:\Users\Philip Weiss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 23:53 - 2013-11-06 20:22 - 00000000 ____D () C:\Users\Philip Weiss
2014-11-10 23:52 - 2014-02-16 14:19 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-11-10 23:49 - 2012-10-20 22:38 - 00000000 ____D () C:\Temp
2014-11-10 23:48 - 2014-02-16 14:20 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\Downloaded Installations
2014-11-10 23:43 - 2014-08-26 14:32 - 00000000 ____D () C:\Users\Ph.Weiss\AppData\Local\Adobe
2014-11-10 23:41 - 2013-11-06 20:22 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\Adobe
2014-11-10 23:14 - 2013-11-10 12:14 - 00000000 ____D () C:\Users\Philip Weiss\AppData\Roaming\HpUpdate

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\SPSetup.exe
C:\Users\Ph.Weiss\AppData\Local\Temp\ICReinstall_installer_autocad_2013_2013_32bit_Deutsch.exe
C:\Users\Ph.Weiss\AppData\Local\Temp\Quarantine.exe
C:\Users\Ph.Weiss\AppData\Local\Temp\sqlite3.dll
C:\Users\Philip Weiss\AppData\Local\Temp\jna7382536261128028260.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 00:05

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ph.Weiss on 09.12.2014 at 20:25:10.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util grabrez



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ph.Weiss\AppData\Roaming\mozilla\firefox\profiles\g679ysgt.default-1392234617311\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.12.2014 at 20:27:58.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Alt 09.12.2014, 22:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicyUsers\S-1-5-21-3861434528-3431555863-1564601657-1004\User: Group Policy restriction detected <======= ATTENTION
Task: C:\Windows\Tasks\LKAEVT.job => C:\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZEDI.job => C:\Users\Philip Weiss\AppData\Roaming\ZEDI.exe <==== ATTENTION
C:\Users\Philip Weiss\AppData\Roaming\ZEDI.exe
C:\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.12.2014, 22:01   #11
omg noop
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Ph.Weiss at 2014-12-15 21:46:30 Run:1
Running from C:\Users\Ph.Weiss\Desktop\Probs
Loaded Profiles: Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast (Available profiles: UpdatusUser & Ph.Weiss & Nora Weiss & Philip Weiss & Ursula & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-3861434528-3431555863-1564601657-1004\User: Group Policy restriction detected <======= ATTENTION
Task: C:\Windows\Tasks\LKAEVT.job => C:\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZEDI.job => C:\Users\Philip Weiss\AppData\Roaming\ZEDI.exe <==== ATTENTION
C:\Users\Philip Weiss\AppData\Roaming\ZEDI.exe
C:\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe
EmptyTemp:
Hosts:
        
*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3861434528-3431555863-1564601657-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\Tasks\LKAEVT.job => Moved successfully.
C:\Windows\Tasks\ZEDI.job => Moved successfully.
C:\Users\Philip Weiss\AppData\Roaming\ZEDI.exe => Moved successfully.
C:\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Alt 16.12.2014, 01:24   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.12.2014, 17:09   #13
omg noop
 
IE und Firefox komplett mit Werbung verbannert - Standard

mbam


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.12.2014
Suchlauf-Zeit: 15:01:29
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.26.07
Rootkit Datenbank: v2014.12.23.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ph.Weiss

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 599552
Verstrichene Zeit: 12 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 25
PUP.Optional.Graftor, HKLM\SOFTWARE\CLASSES\CLSID\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\CLASSES\TYPELIB\{E4FD0F53-EC88-435C-8688-4E1C320BA5E4}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\CLASSES\INTERFACE\{072BD5E9-EC4E-2424-D392-EAD3EC21D5F6}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{072BD5E9-EC4E-2424-D392-EAD3EC21D5F6}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E4FD0F53-EC88-435C-8688-4E1C320BA5E4}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKU\S-1-5-21-3861434528-3431555863-1564601657-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKU\S-1-5-21-3861434528-3431555863-1564601657-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKU\S-1-5-21-3861434528-3431555863-1564601657-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKU\S-1-5-21-3861434528-3431555863-1564601657-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKU\S-1-5-21-3861434528-3431555863-1564601657-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKU\S-1-5-21-3861434528-3431555863-1564601657-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKU\S-1-5-21-3861434528-3431555863-1564601657-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{55B1147E-3B17-AED1-F0BF-CF903C461319}, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, HKLM\SOFTWARE\CLASSES\CLSID\{55B1147E-3B17-AED1-F0BF-CF903C461319}\INPROCSERVER32, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.AdLyrics, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\894D568D-DD4C-E979-9A60-94E3C4A52373, In Quarantäne, [0d623d2a007cf73f14519047c43d4bb5], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [c6a9e681c5b7b6800db5795f34d0827e], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [244b0f58fb8157df7d4412c6df25fa06], 
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader, In Quarantäne, [f27db6b1f785122480a160017a89f10f], 
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, In Quarantäne, [6c039dca4834f73fde9388df2dd6c937], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3861434528-3431555863-1564601657-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [7df24522651776c0ad36963228dc3ec2], 
PUP.Optional.TornTV.A, HKU\S-1-5-21-3861434528-3431555863-1564601657-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, In Quarantäne, [0c633b2cccb02e086b06630422e17090], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3861434528-3431555863-1564601657-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [5e117ceb8af273c38af88fdc659e8779], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3861434528-3431555863-1564601657-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\esc, In Quarantäne, [145ba6c1cdaf5adc77dbc5991ae97b85], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 28
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\x64, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\defaults, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\defaults\preferences, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\userCode, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\locale, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\locale\en-US, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\defaults, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\defaults\preferences, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\userCode, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\locale, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\locale\en-US, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 

Dateien: 255
PUP.Optional.Graftor, C:\Program Files (x86)\ver9BetterMarkIt\181_x64.dll, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.Graftor, C:\Program Files (x86)\ver9BetterMarkIt\181.dll, In Quarantäne, [006fe97ebebe55e1c74a1f3916ea07f9], 
PUP.Optional.AdLyrics, C:\Program Files (x86)\ver9BetterMarkIt\Uninstall.exe, In Quarantäne, [0d623d2a007cf73f14519047c43d4bb5], 
PUP.Optional.OneClickDownloader.A, C:\$RECYCLE.BIN\S-1-5-21-3861434528-3431555863-1564601657-1005\$RY3CUPS.exe, In Quarantäne, [e38c0f5859238caa9e6c929f70918e72], 
PUP.Optional.InstallCore, C:\Users\Philip Weiss\Downloads\installer_autocad_2013_2013_32bit_Deutsch.exe, In Quarantäne, [026dc3a4f785c96dc5b9b62b11f0e31d], 
PUP.Optional.TornTV.A, C:\Users\Ph.Weiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk, In Quarantäne, [adc2cb9c88f4221444e65e0dc53e1fe1], 
PUP.Optional.SearchProtect, C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [cfa04621c1bb9d9919acb62263a18b75], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\181.crx, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\181.dat, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\181.xpi, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\a.db, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\b.db, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\J8RT181.bin, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\o3BetterMarkIte87.dll, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\o3BetterMarkIte87.exe, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\Sqlite3.dll, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\x64\TandemRunner.exe, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\x64\WdfCoInstaller01009.dll, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\x64\webinstr.inf, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.BetterMarkIT.A, C:\Program Files (x86)\ver9BetterMarkIt\x64\webinstrNew.sys, In Quarantäne, [95da70f73f3d37ff9422e5595aa9837d], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome.manifest, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\install.rdf, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\0614892625329ebb3872c68e3394e3bb.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\4c512bd7c372c8686ddbbd468cb106d8.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\5893f11c60f67bdb78460c26b85fc853.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\8a95935ff4a9b265a488ef170c6a574f.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\9082a13020e5f6eccadff75152d571f9.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\a8614256040fb8a8ead571c2177d3486.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\background.html, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\browser.xul, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\dialog.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\options.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\options.xul, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\search_dialog.xul, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\635f29b2296bb308fe5dd6c208db46ed.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\00b7d17f561a592a5276b0053a45ab45.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\0714783b69675513205d791f67d253e7.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\31cc9c210bf8f048f5e313c94a869bcc.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\3b53172fbb0dc15f537e945666d67d53.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\4695e7c0fa447de5d55861782deebea8.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\4882dde445fb11898c4e582aef8e2b74.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\4bdadd67ad2c1d523642d7decde98727.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\5b00045911c1de6e5a80fd7c6512fa98.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\6838ff0d66daf089711b06a586d07e1c.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\68dd3be15fd5fa01af1a6be2efecb284.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\717fc2bbae41fefaa5d1bf5bc926c5dc.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\95f5175fb22323aa18b033122ced534c.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\abbcbadc39628cb50e9fc2efcb7120ac.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\b5a7398de61d46b0dc48d8a5da493ddb.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\c5460e4b2f384dc6882f8c80967930ef.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\081635074572ac76282f246e37aea067.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\1015e8c09306a26261feab3e152c0e0c.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\19ac1cc17259a21d2f34ac15d706a3a6.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\1ac2d909aa36bff366d60ac918649e1a.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\1ca34fd7088c1be93cadc7a3d149feae.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\2ec3592c09abc5a982bf6d8c99c63597.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\4eced315cf764b66ad380d7c0f524d21.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\6ac8ea9fb8de826be5ac06447ad146c2.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\72a89e4ef934b1c65c72168f5836e620.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\7bf2570bd0b61994f2d0f054f4ea4d7c.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\86e8289917a4c9ea01e5f9e28d1ee769.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\8b302dd5c4736c78c75559b1654fb8b0.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\8bde88abbc43b06c2595944209938044.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\9194ee1eeaa51dbc4a18babf5b810ade.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\95fc40c905c0f8f38203684fac46dcc5.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\9df8267d53746c204410ddd355e99f56.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\b6de56b1e0e9cf20a1a777ceafd3550c.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\cfce706998847938f0094e57dea91620.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\d020851ab8529c45d4c6174f7dfb1754.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\f909c4e5de73726700e507ceb4ac06e1.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\installer.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\defaults\preferences\prefs.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\manifest.xml, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins.json, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\22.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1000020.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1000025.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1000030.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\102.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\104.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\123.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\13.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\14.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\16.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\17.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\177.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\178.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\179.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\180.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\182.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\183.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\195.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\207.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\21.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\220.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\221.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\223.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\226.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\234.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\246.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\253.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\262.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\263.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\268.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\273.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\28.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\281.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\301.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\345.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\354.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\4.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\47.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\64.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\7.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\72.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\78.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\9.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\91.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\93.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\98.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\userCode\background.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\userCode\extension.js, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\locale\en-US\translations.dtd, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button1.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button2.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button3.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button4.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button5.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\crossrider_statusbar.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon128.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon16.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon24.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon48.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\panelarrow-up.png, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\popup.html, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\skin.css, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Ph.Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\g679ysgt.default-1392234617311\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\update.css, In Quarantäne, [343be87f5f1d44f2f9fcc18715ee40c0], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome.manifest, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\install.rdf, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\0614892625329ebb3872c68e3394e3bb.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\4c512bd7c372c8686ddbbd468cb106d8.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\5893f11c60f67bdb78460c26b85fc853.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\8a95935ff4a9b265a488ef170c6a574f.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\9082a13020e5f6eccadff75152d571f9.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\a8614256040fb8a8ead571c2177d3486.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\background.html, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\browser.xul, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\dialog.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\options.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\options.xul, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\search_dialog.xul, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\635f29b2296bb308fe5dd6c208db46ed.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\00b7d17f561a592a5276b0053a45ab45.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\0714783b69675513205d791f67d253e7.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\31cc9c210bf8f048f5e313c94a869bcc.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\3b53172fbb0dc15f537e945666d67d53.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\4695e7c0fa447de5d55861782deebea8.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\4882dde445fb11898c4e582aef8e2b74.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\4bdadd67ad2c1d523642d7decde98727.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\5b00045911c1de6e5a80fd7c6512fa98.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\6838ff0d66daf089711b06a586d07e1c.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\68dd3be15fd5fa01af1a6be2efecb284.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\717fc2bbae41fefaa5d1bf5bc926c5dc.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\95f5175fb22323aa18b033122ced534c.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\abbcbadc39628cb50e9fc2efcb7120ac.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\b5a7398de61d46b0dc48d8a5da493ddb.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\api\c5460e4b2f384dc6882f8c80967930ef.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\081635074572ac76282f246e37aea067.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\1015e8c09306a26261feab3e152c0e0c.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\19ac1cc17259a21d2f34ac15d706a3a6.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\1ac2d909aa36bff366d60ac918649e1a.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\1ca34fd7088c1be93cadc7a3d149feae.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\2ec3592c09abc5a982bf6d8c99c63597.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\4eced315cf764b66ad380d7c0f524d21.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\6ac8ea9fb8de826be5ac06447ad146c2.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\72a89e4ef934b1c65c72168f5836e620.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\7bf2570bd0b61994f2d0f054f4ea4d7c.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\86e8289917a4c9ea01e5f9e28d1ee769.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\8b302dd5c4736c78c75559b1654fb8b0.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\8bde88abbc43b06c2595944209938044.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\9194ee1eeaa51dbc4a18babf5b810ade.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\95fc40c905c0f8f38203684fac46dcc5.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\9df8267d53746c204410ddd355e99f56.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\b6de56b1e0e9cf20a1a777ceafd3550c.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\cfce706998847938f0094e57dea91620.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\d020851ab8529c45d4c6174f7dfb1754.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\f909c4e5de73726700e507ceb4ac06e1.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\chrome\content\core\installer.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\defaults\preferences\prefs.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\manifest.xml, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins.json, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\22.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1000020.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1000025.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\1000030.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\102.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\104.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\123.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\13.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\14.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\16.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\17.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\177.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\178.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\179.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\180.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\182.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\183.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\195.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\207.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\21.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\220.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\221.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\223.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\226.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\234.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\246.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\262.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\263.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\268.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\273.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\28.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\281.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\301.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\4.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\47.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\64.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\7.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\72.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\78.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\9.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\91.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\93.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\plugins\98.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\userCode\background.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\extensionData\userCode\extension.js, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\locale\en-US\translations.dtd, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button1.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button2.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button3.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button4.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\button5.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\crossrider_statusbar.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon128.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon16.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon24.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\icon48.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\panelarrow-up.png, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\popup.html, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\skin.css, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 
PUP.Optional.CrossRider.A, C:\Users\Philip Weiss\AppData\Roaming\Mozilla\Firefox\Profiles\cnpqknnm.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com\skin\update.css, In Quarantäne, [0b6495d286f6023437beb7910bf86a96], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=03d069eca289e747ac7885e2777ee0d2
# engine=21713
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-26 03:59:06
# local_time=2014-12-26 04:59:06 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 2757102 182423324 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 23001 171239396 0 0
# scanned=198420
# found=34
# cleaned=0
# scan_time=5075
sh=88F08972148EC82EA59453C78B5A821BF6F83627 ft=1 fh=2d609e1f0df2b7b8 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=43BD899383C16FF427302905B59E5E5DFA837B81 ft=1 fh=e0114720b91227bd vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_1416136614527.vir"
sh=4CD2D5380CF1F7BCDB2B9E261C9134004E653ADF ft=1 fh=bcd9f7fdaba7a28d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir"
sh=5E1B1AF8AA6F3764E727D843071EF301499D7B96 ft=1 fh=e0bb0e0a2e6a712c vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=4AAAF8A159A90F5CB98DEB0175452E8EACB51F2A ft=1 fh=068cb5e426c61671 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=D591A26E8CC1AFE4A634DD8564428BBE123B5008 ft=1 fh=a22458dd27db68d8 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_1416136614511.vir"
sh=AA21167CD8C7DD6C333A8835C6EEFB5469D64A4E ft=1 fh=de91aae662672d66 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir"
sh=93E69887186D7CCD620EA1E0EE60A4C5BC99AB54 ft=1 fh=5624b8e1fc420b28 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir"
sh=AF5CA8AECE016C1AFE45BB24C9C68807FB4D708C ft=1 fh=276e595006e32c98 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir"
sh=35A98D8E3E36BE884BC8231D26A373EBC0BF22D6 ft=1 fh=310cfc5074105e25 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir"
sh=41A2591144F9CD9AB1C02C6A218BB5BA7654643E ft=1 fh=1cba7093867ed45e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir"
sh=B7AF92191EDE9A6BC0227509BC2C371FA4F9D3C6 ft=1 fh=21bf729230904fcb vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=423846340A29860C4DB95E9BB7578908BBF5C7CA ft=1 fh=c7ed3d8d83e28834 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_1416136614542.vir"
sh=F215E4462F6AAFC04003D90FBFC332DBED50BF70 ft=1 fh=8688a724a6c8d22b vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\update\update.exe.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ph.Weiss\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ph.Weiss\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ph.Weiss\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ph.Weiss\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=6E5D0AB18B498E8EBC6BAB9C850F38D26CE427F9 ft=1 fh=8a80bf55b7b691e4 vn="Win64/Adware.AddLyrics.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstrNew.sys.vir"
sh=B2C5CD9B6CA06FB577899F38C476FB4DCC94B517 ft=1 fh=78ac1a848b7552d4 vn="Variante von Win64/BrowseFox.CB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\wStLibG64.sys.vir"
sh=52AE32FF832DF176F6DF2D8CC9F0359E6F613D17 ft=1 fh=6d9403ebe37338aa vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Philip Weiss\AppData\Roaming\LKAEVT.exe.xBAD"
sh=810A816DACA32A0634C28ADAF503FE5CCED8761C ft=1 fh=7b64f47a079deb4a vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Philip Weiss\AppData\Roaming\ZEDI.exe.xBAD"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\102_dealply_m.js"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\103_intext_5_m.js"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\104_jollywallet_m.js"
sh=E5DA6BC389AFE8C4BE0D4BDF007094964623BEE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\123_intext_adv_m.js"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\155_ibario_pops_m.js"
sh=315A4D911E87C32434C83BB6B6301279D5D1216C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\175_coolmirage_m.js"
sh=E87ABD87A6168E160F36A5CE9E444C1719F203DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\180_bpo_serp_m.js"
sh=9E450F6FAC72A5A25FD4EDECE0CF5D3885230235 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\190_pops_5_m.js"
sh=5E80029240BA4FF3B3E3010BB40E6867D0999160 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\226_set_campaign_id_m.js"
sh=2C1383206E28E330BBC4DAA4BD9C8D7F942B2AE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=41A2591144F9CD9AB1C02C6A218BB5BA7654643E ft=1 fh=1cba7093867ed45e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\AppPatch\AppPatch64\VCLdr64.dll"

Alt 26.12.2014, 18:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
IE und Firefox komplett mit Werbung verbannert - Standard

IE und Firefox komplett mit Werbung verbannert


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Ph.Weiss\Desktop\Alte Firefox-Daten\rxnwbmtk.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com
C:\WINDOWS\AppPatch\AppPatch64\VCLdr64.dll
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu IE und Firefox komplett mit Werbung verbannert
anzeige, anzeigen, bettermarkit entfernen, blockt, fehlercode 0xc0000005, fehlercode 0xc0000374, fehlercode 22, fehlercode windows, firefox, ie und firefox, komplett, massenweise, mcafee, mozilla, mypc backup entfernen, search protect entfernen, this device is disabled. (code 22), verlinkungen, vorschläge, werbung


« ***ystation3**ulator.net Trojaner | Hohe CPU-Auslastung und Trusted Zone »


Ähnliche Themen: IE und Firefox komplett mit Werbung verbannert


  1. Mozilla Firefox öffnet ständig Werbung und neue Tabs mit Werbung
    Log-Analyse und Auswertung - 21.07.2015 (10)
  2. Werbung in Firefox, Fenster mit PC Optimierung Werbung öffnet sich automatisch
    Log-Analyse und Auswertung - 10.04.2015 (11)
  3. Windows 7: Werbung und Pop-ups bei IE und Firefox
    Plagegeister aller Art und deren Bekämpfung - 12.03.2015 (15)
  4. Mengenweise Werbung in Moz Firefox
    Plagegeister aller Art und deren Bekämpfung - 26.10.2014 (25)
  5. "plugin container for firefox funktioniert nicht mehr" Firefox schließt sich dann komplett
    Log-Analyse und Auswertung - 30.08.2014 (12)
  6. Win 8: Firefox - viel Werbung
    Log-Analyse und Auswertung - 21.05.2014 (7)
  7. Firefox voller Werbung und Pop-ups die 2.
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (4)
  8. Firefox voller Werbung und Pop-ups
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (13)
  9. Firefox/Win7 – übermäßige Werbung (Pseudo-Links und WerbeFenster) nach Firefox-Update
    Log-Analyse und Auswertung - 12.12.2013 (9)
  10. Ständige Werbung im IE und Firefox
    Log-Analyse und Auswertung - 22.05.2011 (5)
  11. Firefox öffnet Tabs mit Werbung / Anstelle einer verlinkten URL öffnet sich Werbung
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (4)
  12. Firefox öffnet Werbung bei Links, IE öffnet selbstständig Werbung
    Plagegeister aller Art und deren Bekämpfung - 09.05.2010 (1)
  13. Firefox: Unerwünschte Werbung
    Plagegeister aller Art und deren Bekämpfung - 15.04.2010 (18)
  14. Firefox leitet zu merkwürdige Seiten; langsam/nicht komplett.
    Log-Analyse und Auswertung - 20.05.2009 (1)
  15. Pop-ups mit Werbung im Firefox
    Log-Analyse und Auswertung - 28.03.2009 (9)
  16. Werbung im Firefox Browser
    Log-Analyse und Auswertung - 16.03.2009 (2)
  17. Firefox & IE öffnen Werbung
    Log-Analyse und Auswertung - 10.11.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema IE und Firefox komplett mit Werbung verbannert - Hab das grauslige Prob, dass IE und Mozilla mit Werbung komplett verbannert wird. McAfee blockt wohl die Anzeigen, doch massenweise kommen die Anzeigen durch. Auch Verlinkungen, Vorschläge wenn man mit - IE und Firefox komplett mit Werbung verbannert...
Archiv
Du betrachtest: IE und Firefox komplett mit Werbung verbannert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130