Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: WIN 7: Zugriff auf Dateien nicht mehr möglich

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.01.2015, 17:01   #1
Nailimixam
 
WIN 7: Zugriff auf Dateien nicht mehr möglich - Ausrufezeichen

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hallo,
mein PC verhält sich seit 1-2 Wochen seltsam:
- zuerst wurde er immer langsamer, Rechenleistung war halbiert
- im Hintergrund sah ich über Taskmanager 20 geöffnete Dateien mit dem Namen: compatibilitycheck.exe, die ich nicht stoppen konnte
- mittlerweile lassen sich keine Datein mehr öffnen, nur im abgesicherten Modus
- ich habe alle vorgeschriebenen LOG Dateien ausgeführt und habe diese auf dem Desktop gespeichert
- jedoch war die Ausführung der GMER.EXE jedes Mal beim Scan, leider nicht möglich, da eine Fehlermeldung kam, dass diese "nicht mehr funktioniert und nach dem Fehler gesucht würde".
- ich kann also nur die Logfiles von : Additional, Defogger, FRST beifügen
Leider habe ich seit einiger Zeit keinen Virenscanner aktiv. Habe das Problem vorher wohl unterschätzt
Es wäre schön, wenn mir jemand helfen könnte meinen PC wieder herzustellen.
Vielen Dank für Eure Mühe.
LG Nailimixam

Alt 25.01.2015, 17:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 

WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 25.01.2015, 19:43   #3
Nailimixam
 
WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hallo Schrauber,
Oh sorry, ich versuche es einmal:
Additional.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Pia Bausch at 2015-01-25 16:11:00
Running from C:\Users\Pia Bausch\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Client/Server Security Agent (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Client/Server Security Agent Anti-Spyware (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.13.2.0 - Ask.com) <==== ATTENTION
AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Butterfly Magic (HKLM-x32\...\Butterfly Magic) (Version:  - )
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Cisco Jabber Video for TelePresence (HKLM-x32\...\{8803DD42-66B1-401F-BAEE-A3C10F8E4BEC}) (Version: 4.6.3.17194 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.2 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.001 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.3.3.2 - Dell)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.118 - ALPS ELECTRIC CO., LTD.)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.3.3.6 - Dell)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EG21 Vokabelkartei interaktiv 2 (HKLM-x32\...\{D9C1E527-F7B8-4C32-8186-E59DDD38C475}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
EG21 Vokabelkartei interaktiv 3 (HKLM-x32\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
EG21 Vokabelkartei interaktiv 4 (HKLM-x32\...\{2235E685-11A5-4E37-ADD9-60A1214F7474}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Elevated Installer (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.0.2 - SCS Software)
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Football Mania (HKLM-x32\...\InstallShield_{E8A68053-E9B5-4334-B402-6709CFA56405}) (Version: 0.00.0067 - LEGO Media)
Football Mania (x32 Version: 0.00.0067 - LEGO Media) Hidden
Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab) <==== ATTENTION!
Foxy Security (HKLM-x32\...\Foxy Security) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FromDocToPDF Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
ftp-uploader (HKLM-x32\...\ftp-uploader) (Version: 3.3.0.0 - Firma Gregor Schommer Systemberatung, Raderthaler Str. 31, D-50968 Köln)
Garmin Express (HKLM-x32\...\{0db152f6-3b8d-4363-aedd-374ee54d33ba}) (Version: 3.2.26.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Globy (HKLM-x32\...\Globy) (Version:  - )
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (HKLM-x32\...\{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}.KB2635973) (Version: 1 - Microsoft Corporation)
HyperBalloidCE (HKLM-x32\...\HyperBalloidCE) (Version:  - )
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
ISScript (x32 Version: 3.00.185 - InstallShield Software Corp.) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LEGO® Harry Potter™: Die Jahre 1-4 (HKLM-x32\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games)
LEGO® Harry Potter™: Die Jahre 5-7 (HKLM-x32\...\{5C5A944F-096E-4ADD-B8E8-887F18BA6228}) (Version: 1.0.0.0 - WB Games)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
LookThisUp (HKLM\...\LookThisUp) (Version: 1.0.2 - LookThisUp) <==== ATTENTION!
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{0E302EE8-EBF9-41DE-B5A0-EA79FB842258}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Small Basic v1.0 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft - 1.7.4 Packages (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Minecraft - 1.7.4 Packages) (Version:  - ) <==== ATTENTION
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Pearl Poppers (HKLM-x32\...\Pearl Poppers) (Version:  - )
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plantronics Calisto Driver (64-bit) (Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics CSR Driver (64-bit) (Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics CsrDfu Installer (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics FwuApi Installer (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics HidDfu Installer (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub Device Handlers (32-bit) (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub DFU Handlers (32-bit) (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub Install Check (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub Native Runtime (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub Plugins (32-bit) (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub Runtime (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub Software (HKLM-x32\...\{b66cc4be-f731-4d1f-a411-e7622e33da36}) (Version: 3.2.50830.8480 - Plantronics, Inc.)
Plantronics Hub Startup (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub Update Service (x32 Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Hub WMP Plugin (64-bit) (Version: 3.2.50830.8480 - Plantronics, Inc.) Hidden
Plantronics Legacy Hub SDK (x32 Version: 3.0.0.0 - Plantronics, Inc.) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio USB Driver Installer (HKLM-x32\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
SweetIM Bundle by SweetPacks (HKLM-x32\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Great Mahjongg (HKLM-x32\...\The Great Mahjongg) (Version:  - )
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.5.1163 - Trend Micro)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VirtualDJ Home FREE (HKLM-x32\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Vokabelkartei interaktiv À plus! 1 (HKLM-x32\...\{C7BD31A9-B17E-4125-8AE6-217C1FF8BE10}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Vokabelkartei interaktiv À plus! 2 (HKLM-x32\...\{08DBA737-EAD2-4DDA-A48B-E7A8AEC45BD8}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Vokabelkartei interaktiv À plus! 3 (HKLM-x32\...\{8535E112-4075-4D54-A2BD-7CDEFB4BA528}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB  (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
Windows-Treiberpaket - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Yahoo Community Smartbar (HKLM-x32\...\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\{d0178b17-ab1f-4552-9a89-f1d5eb97f1e0}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

17-12-2014 21:44:24 Windows Update
25-12-2014 17:48:55 Geplanter Prüfpunkt
25-12-2014 21:35:57 Garmin Express
25-12-2014 21:38:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 18:31:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
15-01-2015 03:01:22 Windows Update
16-01-2015 22:06:12 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
21-01-2015 19:59:07 Windows Update
23-01-2015 21:00:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
24-01-2015 13:56:11 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
24-01-2015 17:48:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F447EA0-815A-471A-8EBE-B00EDC586154} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2011-05-26] (Dell Inc.)
Task: {145CBF8D-289B-4571-9E63-DF117313D428} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1FA33044-F92F-44CD-ABC0-60CD158DDD6D} - System32\Tasks\{F69D63AE-77A1-4E87-89F8-BA34A8EFFA6C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {20938E96-8FA0-455E-826D-7B06D588F9C7} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {292B99BD-B157-4CE8-BE77-E2746133B039} - System32\Tasks\FoxTab => C:\Users\Pia Bausch\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {3D0A45A8-9121-4D7F-B498-8512CAF15CD7} - System32\Tasks\{23D63CCC-8A31-45FE-9871-C2CB92F9FA87} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {3F29A405-49FE-4C70-BB8E-3334F3AE2C06} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-08-21] (PC Utilities Software Limited) <==== ATTENTION
Task: {4491BA4B-3700-410D-B70B-DEADD3354010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)
Task: {4B8BBA16-40EA-47EB-8D70-7DB4EBDAE7BB} - System32\Tasks\{F85AB527-F322-4AA3-8A12-595B196B4855} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {589732E3-4C2A-4F4B-B405-57308869A7C6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-17] ()
Task: {5B97072D-21F8-4FFC-8461-BFF4959942EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {6428195F-DCAA-4B1F-9BEA-4D85B237560C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1140785117-3275974374-1152227498-1000
Task: {66A8B7D7-25AB-47D7-923C-572872CE3DAE} - System32\Tasks\{5D5CE647-F1F4-424D-B7E8-F6B60BA8CF93} => pcalua.exe -a E:\epson320037eu.exe -d E:\
Task: {68B6DB6A-57CF-4FB8-9E00-4CA2F4065DB7} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {6960FEC7-EDF7-4D64-8D16-5E226729711B} - System32\Tasks\Chrome => C:\Users\Pia Bausch\AppData\Local\Temp\Rau\PackerV2.exe [2014-12-23] (Packer Framework) <==== ATTENTION
Task: {7329D3A0-8575-4932-B683-EA587E76E939} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {9716134A-0A47-42D2-A4D6-56C6123497E1} - System32\Tasks\{F67A8953-FFF4-4611-B141-16351B34BF2A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {9EE86894-4701-46D5-9B3D-AF21336FD1DA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A275E288-65AB-4BA3-B2D8-FF7A240BCEC2} - System32\Tasks\{D23EE878-E040-478A-95B6-564FE9780E96} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {B1699566-3282-44EB-9CF1-27AD70CADF20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14] (Google Inc.)
Task: {B726C91E-27D1-4976-A4D2-5018676EC41F} - System32\Tasks\{38769602-CD8F-45A3-A4FC-69E572047EDB} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
Task: {C18812C1-8041-4B85-8915-C4AE3DE82369} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14] (Google Inc.)
Task: {CA92F2D9-5E38-4539-A681-ED680073AB40} - System32\Tasks\{BD207A15-D183-424A-8D94-6C268B7AF145} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {D05FCC0D-3B64-42E4-9BF4-783B0D48A27B} - System32\Tasks\{945A0B59-A136-4330-8F16-9BD34CC1C03B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {D2614531-99C7-4EAC-902A-20EEB0B4F2DE} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {D3137221-3C2C-4EF8-9566-9B40A39E3D78} - System32\Tasks\{D020A67D-C9E2-4C4B-831C-1021F2A61541} => pcalua.exe -a "C:\Users\Pia Bausch\Desktop\forge-1.8-11.14.0.1239-1.8-installer-win.exe" -d "C:\Users\Pia Bausch\Desktop"
Task: {D6B22C7A-71BC-48A0-BBD1-5ABC8C4E1ADA} - System32\Tasks\{BBC8E3A9-E5BD-4E26-9E84-9C713B815849} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {E2BCDBE8-D430-46D5-AC16-51612DF6E6F1} - System32\Tasks\{FDB9472F-D644-4A6E-B7B5-730215D3D745} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE
Task: {EE044CA2-4F78-46B4-AED8-2FCD8D756373} - System32\Tasks\{ADDDE2F1-12AB-4BBE-B6EF-4E785F1AF6A2} => pcalua.exe -a "C:\Users\Pia Bausch\Desktop\vbasic_web.exe" -d "C:\Users\Pia Bausch\Desktop"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\PIABAU~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-09 17:17 - 2014-12-09 17:17 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1140785117-3275974374-1152227498-500 - Administrator - Disabled)
Gast (S-1-5-21-1140785117-3275974374-1152227498-501 - Limited - Disabled) => C:\Users\Gast
Pia Bausch (S-1-5-21-1140785117-3275974374-1152227498-1000 - Administrator - Enabled) => C:\Users\Pia Bausch

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 03:41:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2015 03:06:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (01/24/2015 05:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0x4000001f
Fehleroffset: 0x00231330
ID des fehlerhaften Prozesses: 0x1924
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/24/2015 05:39:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (01/24/2015 05:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 03:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ExpressTray.exe, Version: 3.2.26.0, Zeitstempel: 0x5491a15b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0xd04
Startzeit der fehlerhaften Anwendung: 0xExpressTray.exe0
Pfad der fehlerhaften Anwendung: ExpressTray.exe1
Pfad des fehlerhaften Moduls: ExpressTray.exe2
Berichtskennung: ExpressTray.exe3

Error: (01/24/2015 03:03:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: ExpressTray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei MS.Win32.Penimc.UnsafeNativeMethods.CreateResetEvent(IntPtr ByRef)
   bei System.Windows.Input.PenThreadWorker..ctor()
   bei System.Windows.Input.PenThreadPool.GetPenThreadForPenContextHelper(System.Windows.Input.PenContext)
   bei System.Windows.Input.StylusLogic.get_TabletDevices()
   bei System.Windows.Input.StylusLogic.RegisterHwndForInput(System.Windows.Input.InputManager, System.Windows.PresentationSource)
   bei System.Windows.Interop.HwndStylusInputProvider..ctor(System.Windows.Interop.HwndSource)
   bei System.Windows.Interop.HwndSource.Initialize(System.Windows.Interop.HwndSourceParameters)
   bei System.Windows.Interop.HwndSource..ctor(System.Windows.Interop.HwndSourceParameters)
   bei System.Windows.Window.CreateSourceWindow(Boolean)
   bei System.Windows.Window.ShowHelper(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei Garmin.Cartography.MapUpdate.TrayApplication.App.Main()

Error: (01/24/2015 02:56:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 01:55:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden.

Error: (01/24/2015 01:51:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x1efc
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3


System errors:
=============
Error: (01/25/2015 04:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:08:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:08:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:08:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:08:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:08:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:08:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/25/2015 04:04:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (01/25/2015 03:41:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2015 03:06:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (01/24/2015 05:50:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c94000001f00231330192401d037f5b0607098C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe1c38a048-a3e9-11e4-b685-028037ec0200

Error: (01/24/2015 05:39:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (01/24/2015 05:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 03:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ExpressTray.exe3.2.26.05491a15bKERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940dd0401d037dda6b5be20C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exeC:\Windows\system32\KERNELBASE.dllbf3836c3-a3d1-11e4-974a-028037ec0200

Error: (01/24/2015 03:03:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: ExpressTray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei MS.Win32.Penimc.UnsafeNativeMethods.CreateResetEvent(IntPtr ByRef)
   bei System.Windows.Input.PenThreadWorker..ctor()
   bei System.Windows.Input.PenThreadPool.GetPenThreadForPenContextHelper(System.Windows.Input.PenContext)
   bei System.Windows.Input.StylusLogic.get_TabletDevices()
   bei System.Windows.Input.StylusLogic.RegisterHwndForInput(System.Windows.Input.InputManager, System.Windows.PresentationSource)
   bei System.Windows.Interop.HwndStylusInputProvider..ctor(System.Windows.Interop.HwndSource)
   bei System.Windows.Interop.HwndSource.Initialize(System.Windows.Interop.HwndSourceParameters)
   bei System.Windows.Interop.HwndSource..ctor(System.Windows.Interop.HwndSourceParameters)
   bei System.Windows.Window.CreateSourceWindow(Boolean)
   bei System.Windows.Window.ShowHelper(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei Garmin.Cartography.MapUpdate.TrayApplication.App.Main()

Error: (01/24/2015 02:56:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 01:55:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: 1C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621615056143003A005C00550073006500720073005C00440065006600610075006C0074005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000

Error: (01/24/2015 01:51:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e1efc01d037d3fb409ef4C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeaf0f8c4a-a3c7-11e4-a546-028037ec0200


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 3992.93 MB
Available physical RAM: 2931.22 MB
Total Pagefile: 7984.05 MB
Available Pagefile: 6993.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:219.69 GB) (Free:64.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 6EFD8936)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:05 on 25/01/2015 (Pia Bausch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
und nun FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Pia Bausch (administrator) on PIABAUSCH on 25-01-2015 16:09:16
Running from C:\Users\Pia Bausch\Desktop
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2112536 2013-03-19] (Trend Micro Inc.)
HKLM-x32\...\Run: [OE] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [846672 2010-08-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [42536 2013-03-02] (MindSpark)
HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-03-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PLTSpokes.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe [6579600 2014-10-23] (Plantronics, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [Google Update] => C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-23] (Google Inc.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-08-21] (PC Utilities Software Limited)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Pia Bausch\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [LookThisUp] => "C:\Users\Pia Bausch\AppData\Roaming\LookThisUp\LookThisUp.exe"
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\MountPoints2: {abd3b293-537a-11e3-8e53-3859f9d61b58} - G:\LaunchU3.exe -a
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66jyhMonN5_WMm_RxI4vr-DbljOiysZ1l680Nl6VXESZFGpYNps2gqqOJCVb6z20rAEEF_SeM69XlnMvryDfj27gSU1eDM6ftCtEug,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms}
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66jyhMonN5_WMm_RxI4vr-DbljOiysZ1l680Nl6VXESZFGpYNps2gqqOJCVb6z20rAEEF_SeM69XlnMvryDaC3vj7nbGW_JnJQ3jYw,,
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://g.uk.msn.com/USREL/8
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
SearchScopes: HKLM -> {935B0526-B2BB-4248-A009-C85668DE6358} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKT0XF_bCb5E9DjBOgAIfA,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {935B0526-B2BB-4248-A009-C85668DE6358} URL = 
SearchScopes: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1140785117-3275974374-1152227498-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415030717&from=pjr&uid=ST9250315AS_6VCW0GMSXXXX6VCW0GMS&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SupraSavings -> {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} -> C:\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\xkymsyyrfh.dll ()
BHO-x32: VirtualDJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
BHO-x32: No Name -> {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -> C:\Users\Pia Bausch\AppData\LocalLow\systems ie bho\bho.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: webssearches
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=swissconverter&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @FromDocToPDF_65.com/Plugin -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/O1DPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: jid1xKH0EoS44u1a2wjetpack - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack [2014-11-07]
FF Extension: Foxy Security - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\sys@foxysecurity.com [2014-05-30]
FF Extension: Yahoo! Toolbar - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-28]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-11-16]
FF Extension: Foxtab Speed Dial - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]
FF Extension: NoScript - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012-10-07]
FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S2 bupService; C:\Users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP) [File not signed]
S2 CouponarificService64; C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
S2 jzmoeejfme64; C:\Program Files\003\jzmoeejfme64.exe [706560 2014-11-03] () [File not signed]
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1824800 2013-03-18] (Trend Micro Inc.)
S2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
S2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1183120 2014-10-23] (Plantronics, Inc.)
S2 RGMUpdater; C:\Users\Pia Bausch\AppData\Local\RGMService\RGMUpdater.exe [28160 2014-10-27] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-01-20] (Enigma Software Group USA, LLC.)
S2 SupraSavingsService64; C:\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe [172544 2014-07-17] () [File not signed]
S2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50208 2013-01-11] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
S3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-03-13] (Trend Micro Inc.)
S2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060904 2013-03-18] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
S2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
S2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [101416 2010-12-02] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2010-11-19] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-01-20] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-20] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
S2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
S2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
S2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 16:09 - 2015-01-25 16:09 - 00031512 _____ () C:\Users\Pia Bausch\Desktop\FRST.txt
2015-01-25 16:09 - 2015-01-25 16:09 - 00000000 ____D () C:\FRST
2015-01-25 16:07 - 2015-01-25 16:08 - 02129920 _____ (Farbar) C:\Users\Pia Bausch\Desktop\FRST64.exe
2015-01-25 16:05 - 2015-01-25 16:05 - 00000482 _____ () C:\Users\Pia Bausch\Desktop\defogger_disable.log
2015-01-25 16:05 - 2015-01-25 16:05 - 00000000 _____ () C:\Users\Pia Bausch\defogger_reenable
2015-01-25 16:04 - 2015-01-25 16:04 - 00050477 _____ () C:\Users\Pia Bausch\Desktop\Defogger.exe
2015-01-24 14:05 - 2015-01-24 14:05 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Google
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-23 21:47 - 2015-01-23 21:47 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 _____ () C:\autoexec.bat
2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 __SHD () C:\Users\Pia Bausch\AppData\Local\EmieBrowserModeList
2015-01-20 19:53 - 2015-01-20 19:53 - 00000000 ____D () C:\sh4ldr
2015-01-20 19:52 - 2015-01-20 19:52 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-20 19:52 - 2015-01-20 19:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-20 19:33 - 2015-01-20 19:53 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Enigma Software Group
2015-01-16 22:10 - 2015-01-24 14:50 - 00000112 _____ () C:\ProgramData\42G8625p.dat
2015-01-14 16:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:19 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-12 18:31 - 2015-01-24 17:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-12 18:31 - 2015-01-24 17:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-12 17:44 - 2015-01-12 17:44 - 06388344 _____ (Tim Kosse) C:\Users\Pia Bausch\Downloads\FileZilla_3.10.0_win32-setup.exe
2014-12-30 18:49 - 2014-12-30 18:49 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 16:05 - 2011-11-03 09:02 - 00000000 ____D () C:\Users\Pia Bausch
2015-01-25 15:44 - 2010-11-21 07:50 - 00902590 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 15:44 - 2010-11-21 07:50 - 00215014 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 15:44 - 2009-07-14 06:13 - 02165128 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 15:40 - 2014-12-05 15:37 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\LogMeIn Hamachi
2015-01-25 15:35 - 2011-08-25 09:10 - 01258866 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 15:35 - 2009-07-14 05:51 - 00168720 _____ () C:\Windows\setupact.log
2015-01-25 15:22 - 2012-01-14 17:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 15:21 - 2012-12-06 18:14 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job
2015-01-25 14:54 - 2014-01-29 14:54 - 00000304 _____ () C:\Windows\Tasks\FoxTab.job
2015-01-25 14:47 - 2012-07-22 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 14:41 - 2012-12-06 18:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job
2015-01-25 14:41 - 2012-01-14 17:39 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 17:40 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:40 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 17:33 - 2014-12-23 22:25 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\RGMService
2015-01-24 17:32 - 2014-05-19 16:38 - 00000000 ___RD () C:\Users\Pia Bausch\Google Drive
2015-01-24 17:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 14:59 - 2011-08-25 16:57 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-24 14:05 - 2012-01-14 17:39 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\Google
2015-01-23 22:27 - 2014-11-25 19:18 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\.minecraft
2015-01-23 21:47 - 2012-07-22 11:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-23 21:47 - 2012-07-22 11:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 21:47 - 2011-08-25 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 17:24 - 2013-12-14 17:00 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Skype
2015-01-23 14:40 - 2014-12-02 16:39 - 00000000 ____D () C:\Program Files\Couponarific
2015-01-22 18:26 - 2014-10-01 20:04 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Instagram
2015-01-22 17:49 - 2014-09-23 15:57 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-01-21 20:06 - 2011-02-11 18:45 - 02139408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 21:26 - 2010-11-21 04:47 - 00266146 _____ () C:\Windows\PFRO.log
2015-01-20 18:21 - 2011-11-03 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2015-01-17 00:40 - 2013-03-16 11:30 - 00007601 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-15 03:15 - 2013-08-13 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2012-08-09 16:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:32 - 2013-08-29 12:53 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-12 17:59 - 2014-07-21 16:15 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\FileZilla
2015-01-02 22:50 - 2012-03-14 18:52 - 00004805 _____ () C:\Windows\TMFilter.log
2014-12-30 18:49 - 2013-12-14 17:00 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2013-02-26 07:28 - 2013-02-26 07:28 - 0027762 _____ () C:\Program Files\changes.txt
2013-02-26 07:34 - 2013-02-26 07:34 - 2547384 _____ (Beepa P/L) C:\Program Files\fraps.exe
2013-02-26 07:34 - 2013-02-26 07:34 - 0234168 _____ (Beepa P/L) C:\Program Files\fraps32.dll
2013-02-26 07:34 - 2013-02-26 07:34 - 0068792 _____ (Beepa P/L) C:\Program Files\fraps64.dat
2013-02-26 07:34 - 2013-02-26 07:34 - 0186552 _____ (Beepa P/L) C:\Program Files\fraps64.dll
2013-02-26 07:30 - 2013-02-26 07:30 - 0140288 _____ (Beepa P/L) C:\Program Files\frapslcd.dll
2014-11-27 16:04 - 2014-11-27 16:04 - 0000180 _____ () C:\Program Files\FRAPSLOG.TXT
2013-02-26 07:27 - 2013-02-26 07:27 - 0001894 _____ () C:\Program Files\README.HTM
2014-11-27 16:01 - 2014-11-27 16:01 - 0040446 _____ (Beepa Pty Ltd) C:\Program Files\uninstall.exe
2014-11-03 17:06 - 2014-11-03 17:06 - 1545136 _____ (HDTubeV03.11) C:\Users\Pia Bausch\AppData\Roaming\BCQYCY.exe
2014-04-13 12:30 - 2014-04-13 15:41 - 0000108 _____ () C:\Users\Pia Bausch\AppData\Roaming\Camdata.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamLayout.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamShapes.ini
2014-04-13 12:30 - 2014-04-13 12:33 - 0004535 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamStudio.cfg
2014-11-03 17:06 - 2014-11-03 17:06 - 2042288 _____ (HDTubeV03.11) C:\Users\Pia Bausch\AppData\Roaming\CJJORAH.exe
2014-04-13 12:29 - 2014-04-13 12:30 - 0000096 _____ () C:\Users\Pia Bausch\AppData\Roaming\version2.xml
2014-01-29 14:54 - 2014-11-17 16:53 - 0000181 _____ () C:\Users\Pia Bausch\AppData\Roaming\WB.CFG
2014-11-29 19:28 - 2014-11-29 19:28 - 0002085 _____ () C:\Users\Pia Bausch\AppData\Local\recently-used.xbel
2013-03-16 11:30 - 2015-01-17 00:40 - 0007601 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-16 22:10 - 2015-01-24 14:50 - 0000112 _____ () C:\ProgramData\42G8625p.dat

Files to move or delete:
====================
C:\ProgramData\42G8625p.dat


Some content of TEMP:
====================
C:\Users\Pia Bausch\AppData\Local\Temp\0birg04y.dll
C:\Users\Pia Bausch\AppData\Local\Temp\1lgq0ftb.dll
C:\Users\Pia Bausch\AppData\Local\Temp\2y-qbeib.dll
C:\Users\Pia Bausch\AppData\Local\Temp\4l0-fnac.dll
C:\Users\Pia Bausch\AppData\Local\Temp\7gaj2fq3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\7z920.exe
C:\Users\Pia Bausch\AppData\Local\Temp\9uos6bli.dll
C:\Users\Pia Bausch\AppData\Local\Temp\APNStub.exe
C:\Users\Pia Bausch\AppData\Local\Temp\avhhixrd.dll
C:\Users\Pia Bausch\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\cixovzf6.dll
C:\Users\Pia Bausch\AppData\Local\Temp\cpdd890w.dll
C:\Users\Pia Bausch\AppData\Local\Temp\DeltaTB.exe
C:\Users\Pia Bausch\AppData\Local\Temp\dp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\e6ow2f5j.dll
C:\Users\Pia Bausch\AppData\Local\Temp\edde_wvx.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ewddex_5.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ffymztt5.dll
C:\Users\Pia Bausch\AppData\Local\Temp\fj3whpxl.dll
C:\Users\Pia Bausch\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\f_ehlkuw.dll
C:\Users\Pia Bausch\AppData\Local\Temp\g5w6v-4d.dll
C:\Users\Pia Bausch\AppData\Local\Temp\GdiPlus.dll
C:\Users\Pia Bausch\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Pia Bausch\AppData\Local\Temp\glgtk_sx.dll
C:\Users\Pia Bausch\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Pia Bausch\AppData\Local\Temp\hxbxahck.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ia-7msjs.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ICReinstall_FileZilla_3.8.1_win32-setup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\ICReinstall_MineCraftSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\ICReinstall_winzip19-mediafire.exe
C:\Users\Pia Bausch\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Pia Bausch\AppData\Local\Temp\jpun-md-.dll
C:\Users\Pia Bausch\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Pia Bausch\AppData\Local\Temp\Kraus.exe
C:\Users\Pia Bausch\AppData\Local\Temp\LyricsPal.exe
C:\Users\Pia Bausch\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ms.exe
C:\Users\Pia Bausch\AppData\Local\Temp\npp.6.6.7.Installer.exe
C:\Users\Pia Bausch\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Pia Bausch\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Pia Bausch\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Pia Bausch\AppData\Local\Temp\nsi80A6.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\nweveefb.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ofjq_kjs.dll
C:\Users\Pia Bausch\AppData\Local\Temp\optprosetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\ppbg9ya-.dll
C:\Users\Pia Bausch\AppData\Local\Temp\pricepeep_130001_0101.exe
C:\Users\Pia Bausch\AppData\Local\Temp\qdwzo0vl.dll
C:\Users\Pia Bausch\AppData\Local\Temp\qge-11ux.dll
C:\Users\Pia Bausch\AppData\Local\Temp\ql9tops3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\rcallup8.dll
C:\Users\Pia Bausch\AppData\Local\Temp\s-iv8lqz.dll
C:\Users\Pia Bausch\AppData\Local\Temp\setup_297.exe
C:\Users\Pia Bausch\AppData\Local\Temp\setup_383.exe
C:\Users\Pia Bausch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\sm1kchwo.dll
C:\Users\Pia Bausch\AppData\Local\Temp\SmallBasicLibrary.dll
C:\Users\Pia Bausch\AppData\Local\Temp\somoto_BD Renaissance_1.0.exe
C:\Users\Pia Bausch\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Pia Bausch\AppData\Local\Temp\Sqlite3.dll
C:\Users\Pia Bausch\AppData\Local\Temp\tmp145E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1560.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1A7B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1C41.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1ECC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp1F35.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp2442.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp24A9.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp28C0.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp2AAE.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp2FFE.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp32BC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp32F4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp347F.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp36DD.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp375E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3848.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3A3B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3C12.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp3F80.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4363.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp43C6.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp440A.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4472.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp44A1.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp49B4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4A39.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4A4C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4CD9.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4D3C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4EB0.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp4F17.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp521C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp552B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp588E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp5A03.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp5C15.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp5C63.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp616B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp622C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6387.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp66F6.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6754.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp685B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp68CC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6996.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6C7D.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6D70.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6E70.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp6F9F.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp714E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp715.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp7486.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp7582.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp79FC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp7E8A.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp81A5.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp83AD.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp85E4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp8A38.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp8B8D.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp8EDF.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp9423.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp95C4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp97B2.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmp9AED.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpA04A.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpA060.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpA1D2.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpA30B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpA4C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpA5BC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpAFAC.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpB829.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpB832.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpBED4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpBF30.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpC95.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpCB02.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpCDB4.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpCE5B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpCFD.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpD296.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpD4F8.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpD545.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpD79B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpD8EA.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpD9E9.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpDD4C.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpE16A.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpE2D0.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpE600.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpE668.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpE728.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpEACE.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpED7B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpF524.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpF998.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFB96.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFC2E.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFEA3.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFF2B.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\tmpFF4D.tmp.exe
C:\Users\Pia Bausch\AppData\Local\Temp\umhkqfzw.dll
C:\Users\Pia Bausch\AppData\Local\Temp\umxujks7.dll
C:\Users\Pia Bausch\AppData\Local\Temp\uninstaller.exe
C:\Users\Pia Bausch\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\vhh6wd8-.dll
C:\Users\Pia Bausch\AppData\Local\Temp\vtcuksu9.dll
C:\Users\Pia Bausch\AppData\Local\Temp\vvqyybou.dll
C:\Users\Pia Bausch\AppData\Local\Temp\WSSetup.exe
C:\Users\Pia Bausch\AppData\Local\Temp\xfl7ux5v.dll
C:\Users\Pia Bausch\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Pia Bausch\AppData\Local\Temp\zafwSetupWeb_120_121_000-4-.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 03:51

==================== End Of Log ============================
         
--- --- ---


Mehr habe ich wie bereits geschrieben leider nicht.
Ist es OK so??

Danke erst einmal

LG Nailimixam
__________________

Alt 26.01.2015, 09:24   #4
schrauber
/// the machine
/// TB-Ausbilder
 

WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Ask Toolbar

    Foxtab

    FromDocToPDF Toolbar

    Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION

    LookThisUp

    LPT System Updater Service

    Minecraft - 1.7.4 Packages

    Optimizer Pro v3.2

    RegClean Pro

    SweetIM Bundle by SweetPacks

    SweetIM for Messenger 3.7

    Yahoo Community Smartbar

    Yahoo Community Smartbar Engine (HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\{d0178b17-ab1f-4552-9a89-f1d5eb97f1e0}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.01.2015, 17:24   #5
Nailimixam
 
WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hallo Schrauber,
ok habe nun alle aufgelisteten Programme deinstalliert.
Gibt es nun noch irgentetwas zu tun?

Es scheint so, als wäre nun alles in Ordnung !! Super, dass wäre ja sentiationell !!

Kannst Du mir noch ein gutes (kostengünstiges) Virenprogramm empfehlen, welches ich nun abbonieren sollte?

Danke nochmal für die Hilfe!
LG Nailimixam


Geändert von Nailimixam (26.01.2015 um 18:10 Uhr)

Alt 26.01.2015, 19:23   #6
schrauber
/// the machine
/// TB-Ausbilder
 

WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Was ist mit Combofix?
__________________
--> WIN 7: Zugriff auf Dateien nicht mehr möglich

Alt 26.01.2015, 22:03   #7
Nailimixam
 
WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hallo Schrauber,
Wie es scheint habe ich wohl die Anweisung mit dem Combofix Scan überflogen, da ich dachte das das nur für die Mitleser gilt...
Naja ich habe jetzt alles gemacht hier ist die Combofit.txt:

Code:
ATTFilter
ComboFix 15-01-22.02 - Pia Bausch 26.01.2015  21:23:43.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3993.2244 [GMT 1:00]
ausgeführt von:: c:\users\Pia Bausch\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-Spyware *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\374311380
c:\users\Pia Bausch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0CE5DDB5-DD51-4089-83E5-3A2A425939BF}.xps
c:\users\Pia Bausch\AppData\Local\Microsoft\Windows\Temporary Internet Files\result.xml
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_ctypes.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_elementtree.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_hashlib.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_multiprocessing.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_socket.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\_ssl.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\hashobjs_ext.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\pyexpat.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\pysqlite2._sqlite.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\python27.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\pythoncom27.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\PyWinTypes27.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\select.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\unicodedata.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32api.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32com.shell.shell.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32crypt.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32event.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32file.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32gui.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32inet.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32pdh.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32pipe.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32process.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32profile.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32security.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\win32ts.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\windows._lib_cacheinvalidation.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._animate.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._controls_.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._core_.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._gdi_.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._html2.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._misc_.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._windows_.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wx._wizard.pyd
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxbase294u_net_vc90.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxbase294u_vc90.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_adv_vc90.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_core_vc90.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_html_vc90.dll
c:\users\Pia Bausch\AppData\Local\Temp\_MEI48162\wxmsw294u_webview_vc90.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_ctypes.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_elementtree.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_hashlib.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_multiprocessing.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_socket.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\_ssl.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\hashobjs_ext.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\pyexpat.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\pysqlite2._sqlite.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\python27.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\pythoncom27.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\PyWinTypes27.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\select.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\unicodedata.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32api.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32com.shell.shell.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32crypt.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32event.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32file.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32gui.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32inet.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32pdh.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32pipe.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32process.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32profile.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32security.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\win32ts.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\windows._lib_cacheinvalidation.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._animate.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._controls_.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._core_.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._gdi_.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._html2.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._misc_.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._windows_.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wx._wizard.pyd
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxbase294u_net_vc90.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxbase294u_vc90.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_adv_vc90.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_core_vc90.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_html_vc90.dll
c:\users\PIABAU~1\AppData\Local\Temp\_MEI48162\wxmsw294u_webview_vc90.dll
c:\windows\msdownld.tmp
c:\windows\SysWow64\WNLT
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-26 bis 2015-01-26  ))))))))))))))))))))))))))))))
.
.
2015-01-26 20:35 . 2015-01-26 20:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-26 20:35 . 2015-01-26 20:35	--------	d-----w-	c:\users\Maximilian Bausch\AppData\Local\temp
2015-01-26 20:35 . 2015-01-26 20:35	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2015-01-26 15:46 . 2015-01-26 15:46	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-01-25 15:09 . 2015-01-25 15:11	--------	d-----w-	C:\FRST
2015-01-24 12:43 . 2015-01-24 12:43	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2015-01-20 19:21 . 2015-01-20 19:21	--------	d-sh--w-	c:\users\Pia Bausch\AppData\Local\EmieBrowserModeList
2015-01-20 18:53 . 2015-01-20 18:53	--------	d-----w-	C:\sh4ldr
2015-01-20 18:52 . 2015-01-20 18:52	22704	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2015-01-20 18:52 . 2015-01-26 16:19	--------	d-----w-	c:\program files\Enigma Software Group
2015-01-12 17:31 . 2015-01-26 20:44	--------	d-----w-	c:\users\Default\AppData\Roaming\Compatibility Verifier
2015-01-12 17:31 . 2015-01-12 17:31	--------	d-----w-	c:\users\Default\AppData\Local\Programs
2014-12-30 17:49 . 2014-12-30 17:49	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-12-30 17:49 . 2014-12-30 17:49	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-26 17:47 . 2012-07-22 10:23	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-26 17:47 . 2011-08-25 15:17	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-15 02:02 . 2012-08-09 15:27	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-14 10:32 . 2013-08-29 11:53	33856	---ha-w-	c:\windows\system32\hamachi.sys
2014-12-25 17:10 . 2014-10-12 11:45	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-12-13 05:09 . 2014-12-17 18:56	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 18:56	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 16:22 . 2014-12-04 16:23	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-12-04 02:50 . 2014-12-10 15:29	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 15:29	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 15:29	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 15:29	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 15:29	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 15:29	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 15:29	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 15:29	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 15:01 . 2014-11-27 15:01	40446	----a-w-	c:\program files\uninstall.exe
2014-11-27 01:43 . 2014-12-10 15:30	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-25 18:12 . 2014-11-25 18:09	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-25 18:09 . 2014-11-25 18:13	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2014-11-25 18:09 . 2014-11-25 18:13	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2014-11-25 17:34 . 2014-11-25 17:35	320936	----a-w-	c:\windows\system32\javaws.exe
2014-11-25 17:34 . 2014-11-25 17:35	191400	----a-w-	c:\windows\system32\javaw.exe
2014-11-25 17:34 . 2014-11-25 17:35	190888	----a-w-	c:\windows\system32\java.exe
2014-11-25 17:28 . 2014-11-25 17:28	0	----a-w-	c:\windows\system32\REN3EC6.tmp
2014-11-25 17:28 . 2014-11-25 17:28	0	----a-w-	c:\windows\system32\REN3EB6.tmp
2014-11-25 17:28 . 2014-11-25 17:28	0	----a-w-	c:\windows\system32\REN3EB5.tmp
2014-11-25 17:23 . 2014-11-25 17:23	0	----a-w-	c:\windows\system32\REN10A4.tmp
2014-11-25 17:23 . 2014-11-25 17:23	0	----a-w-	c:\windows\system32\REN1093.tmp
2014-11-25 16:16 . 2014-11-25 16:16	177856928	----a-w-	c:\users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jdk-8u25-windows-x64.exe
2014-11-22 03:13 . 2014-12-10 15:30	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 15:30	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 15:30	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 15:30	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 15:30	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 15:30	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 15:30	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 15:30	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 15:30	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 15:30	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 15:30	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 15:30	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 15:30	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 15:30	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 15:30	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 15:30	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 15:30	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 15:30	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 15:30	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 15:30	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 15:30	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 15:30	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 15:30	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 15:30	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 15:30	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 15:30	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 15:30	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 15:30	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 15:30	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 15:30	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 15:30	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 15:30	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 15:30	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 15:30	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 15:30	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 15:30	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 15:30	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 15:30	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 15:30	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-19 15:38 . 2014-11-19 15:38	41168	----a-w-	c:\windows\system32\drivers\netfilter64.sys
2014-11-19 03:31 . 2014-11-19 03:31	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 15:29	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 12:50	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 12:50	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 15:29	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 12:50	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 12:50	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 15:29	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 15:24	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 15:24	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-11-03 16:06 . 2014-11-03 16:06	1545136	----a-w-	c:\users\Pia Bausch\AppData\Roaming\BCQYCY.exe
2014-11-03 16:06 . 2014-11-03 16:06	2042288	----a-w-	c:\users\Pia Bausch\AppData\Roaming\CJJORAH.exe
2014-10-30 02:03 . 2014-12-10 15:24	165888	----a-w-	c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 15:24	155136	----a-w-	c:\windows\SysWow64\charmap.exe
2013-02-26 06:34 . 2013-02-26 06:34	68792	----a-w-	c:\program files\fraps64.dat
2013-02-26 06:34 . 2013-02-26 06:34	2547384	----a-w-	c:\program files\fraps.exe
2013-02-26 06:34 . 2013-02-26 06:34	234168	----a-w-	c:\program files\fraps32.dll
2013-02-26 06:34 . 2013-02-26 06:34	186552	----a-w-	c:\program files\fraps64.dll
2013-02-26 06:30 . 2013-02-26 06:30	140288	----a-w-	c:\program files\frapslcd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-11-03 16:07	515464	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ca3eae2b-3b20-2e6f-a849-c126d93b6ad3}]
2014-07-11 14:13	74752	----a-w-	c:\program files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\xkymsyyrfh.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2013-03-18 14:53	1310480	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-03-18 1310480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"Browser Infrastructure Helper"="c:\users\Pia Bausch\AppData\Local\Smartbar\Application\Smartbar.exe" [2014-08-27 29696]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-17 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-03-19 2112536]
"OE"="c:\program files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2010-08-10 846672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-05-21 832272]
"PLTSpokes.exe"="c:\program files (x86)\Plantronics\Spokes3G\PLTSpokes.exe" [2014-10-23 6579600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-01-20 3977576]
.
c:\users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-25 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
R2 SupraSavingsService64;SupraSavingsService64;c:\program files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe;c:\program files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 d554gps;Dell Wireless  HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys;c:\windows\SYSNATIVE\DRIVERS\d554gps64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 bupService;BUP Service;c:\users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe;c:\users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe [x]
S2 CouponarificService64;CouponarificService64;c:\program files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe;c:\program files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 jzmoeejfme64;jzmoeejfme64;c:\program files\003\jzmoeejfme64.exe run options=01100010030000000000000000000000 sourceguid=E52BA74C-5F88-4F08-A1B8-3FC89D881FD1;c:\program files\003\jzmoeejfme64.exe run options=01100010030000000000000000000000 sourceguid=E52BA74C-5F88-4F08-A1B8-3FC89D881FD1 [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 LPTSystemUpdater;LPT System Updater Service;c:\program files (x86)\LPT\srpts.exe;c:\program files (x86)\LPT\srpts.exe [x]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
S2 PlantronicsUpdateService;Plantronics Update Service;c:\program files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe install;c:\program files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe install [x]
S2 RGMUpdater;RG Manage Updater;c:\users\Pia Bausch\AppData\Local\RGMService\RGMUpdater.exe;c:\users\Pia Bausch\AppData\Local\RGMService\RGMUpdater.exe [x]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 d554scard;Dell Wireless  HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys;c:\windows\SYSNATIVE\DRIVERS\d554scard.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Mbm3CBus;Dell Wireless 5550 HSPA+ Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;Dell Wireless  HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;Dell Wireless  HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;Dell Wireless  HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy-Dienst;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 17:47]
.
2015-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 16:39]
.
2015-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-14 16:39]
.
2015-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job
- c:\users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06 09:17]
.
2015-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job
- c:\users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-06 09:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 08:34	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 08:34	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 08:34	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 08:34	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66jyhMonN5_WMm_RxI4vr-DbljOiysZ1l680Nl6VXESZFGpYNps2gqqOJCVb6z20rAEEF_SeM69XlnMvryDaC3vj7nbGW_JnJQ3jYw,,
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjMrI-tVCBBJAVXjH2c_ez7MAbFNRMw7vfozUDFYZDokGR3x5WmFGLtUGdHomRE66j-k0nkzoGe31QXRZZ7hCnw7D-ULd5F0mnBXXgRp1mpvGnEjSXU77vHfRGVrJmK_R_7fhYodK-WzwLNRKTxy7fU52M7wPzRbMg0Dg,,&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=swissconverter&searchfor=
FF - ExtSQL: !HIDDEN! 2013-03-02 15:16; 65ffxtbr@FromDocToPDF_65.com; c:\program files (x86)\FromDocToPDF_65\bar\1.bin
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-LookThisUp - c:\users\Pia Bausch\AppData\Roaming\LookThisUp\LookThisUp.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-ftp-uploader - c:\users\Pia Bausch\Documents\notepad++\ftp-uploader\uninstall.exe
AddRemove-Notepad++ - c:\users\Pia Bausch\Desktop\Notepad++\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\temp\db25.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
c:\program files (x86)\LPT\srptsl.exe
c:\users\Pia Bausch\AppData\Local\RGMService\RGMLoader.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\windows\temp\db25.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-26  21:58:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-26 20:58
.
Vor Suchlauf: 14 Verzeichnis(se), 93.405.253.632 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 102.600.077.312 Bytes frei
.
- - End Of File - - 400826B9DAC8126B8CA55E8D36F7F4E5
         
LG Nailimixam

Alt 27.01.2015, 07:43   #8
schrauber
/// the machine
/// TB-Ausbilder
 

WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.01.2015, 16:57   #9
Nailimixam
 
WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hallo schrauber,
Hier sind die ganzen Logfiles:


mbam.txt:
dafür, dass das so lange gedauert hat, ist erstaunlich wenig bei rausgekommen...
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 27.01.2015 15:19:17, SYSTEM, PIABAUSCH, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 27.01.2015 15:19:17, SYSTEM, PIABAUSCH, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, 
Update, 27.01.2015 15:19:20, SYSTEM, PIABAUSCH, Manual, Malware Database, 2014.11.20.6, 2015.1.27.6, 

(end)
         

AdwClearner(S0):
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 16:28:04
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Pia Bausch - PIABAUSCH
# Gestartet von : C:\Users\Pia Bausch\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****
         

AdwCleaner(S1):
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 16:30:43
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Pia Bausch - PIABAUSCH
# Gestartet von : C:\Users\Pia Bausch\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : bupService
Dienst Gelöscht : LPTSystemUpdater
Dienst Gelöscht : netfilter64
[#] Dienst Gelöscht : SupraSavingsService64
Dienst Gelöscht : CouponArificService64
Dienst Gelöscht : RGMUpdater
Dienst Gelöscht : jzmoeejfme64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\ecee4378ff64a2ea
Ordner Gelöscht : C:\Program Files (x86)\FoxTab
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\LPT
Ordner Gelöscht : C:\Program Files (x86)\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Windows\System32\ljkb
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Local\globalUpdate
[#] Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Local\RGMService
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\BupSystem
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Security Systems
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Pia Bausch\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\s4hw1lte.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : \END
Datei Gelöscht : C:\Program Files\Uninstall.exe
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Maximilian Bausch\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Pia Bausch\AppData\LocalLow\SkwConfig.bin

***** [ Tasks ] *****

Task Gelöscht : LaunchApp
Task Gelöscht : LaunchSignup
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[s4hw1lte.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "1497672287961daa40c86e3d2d639d32");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=[...]
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&p2=^Y6^xdm043^YY^de&si=swissconverter");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.lastGuardTime", 730122569);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.numGuards", 1);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.user.defined", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013030215");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm043^YY^de");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "8E2B2572-183B-4907-87CE-E0BF9CC78E8E");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1415132108696");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.searchHistory", "Sie haben alle Nachrichten in Ihrem Posteingang gelesen!\r\nAlles andere\r\n \r\n11 von 1\r\n \r\n	\r\n	Nicht markiert	\r\n	\r\nMa[...]
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&&q=");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=8954336f73fa43c3820da234747df770&tu=11Igy00EC1C01x0&sku=&tstsId=&ver=&&q=");
[455x0jfg.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8E2B2572-183B-4907-87CE-E0BF9CC78E8E&n=77fc6747&ind=2013030215&p2=^Y6^xdm043^YY^de&si=swissconverter&searchf[...]

*************************

AdwCleaner[R0].txt - [642 octets] - [27/01/2015 16:22:55]
AdwCleaner[R1].txt - [31672 octets] - [27/01/2015 16:25:31]
AdwCleaner[R2].txt - [31792 octets] - [27/01/2015 16:29:01]
AdwCleaner[S0].txt - [364 octets] - [27/01/2015 16:28:04]
AdwCleaner[S1].txt - [29344 octets] - [27/01/2015 16:30:43]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [29405 octets] ##########
         

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Pia Bausch on 27.01.2015 at 16:40:40,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{01F3BF82-C77D-442F-95BF-5571731A905E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{027302D5-872E-4A70-9197-DBE4F2D2BE17}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{02A7239F-F9D0-4950-A1A3-AF12222D4C96}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{048539E1-A349-4036-9E4D-2D33FD8B1299}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{04DC9CA1-216E-4644-A351-1868F852BC34}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{05BA55F6-08A5-456C-A6AB-C136C8E65B12}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{080BE315-2275-4753-ACA6-6D211FEC3379}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{087E286B-6093-4AF7-A290-A9A6288B8BE3}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0CA95CDC-C66E-4E10-ADBC-45F9885CC121}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0D9C279D-E1CC-48DC-B4DF-7F5265CCE8D1}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0DD92B12-4E31-4028-9645-825C3AD6279A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0EBE6271-5CDE-4A23-A469-4ABC228361E6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0EE95296-89C5-4A7C-AA98-EDAF21920728}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0F9B86F6-489E-4E41-B790-623C1DCD14EA}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{0FE6EA69-7334-4630-9263-D492DF3FDAC8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{110C489A-1BC4-4941-9AFA-7D325EA94594}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{13905D80-7CF5-4BF4-A744-C195AE677F1A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{1453CB1E-DA7E-4111-880D-02A5A5811651}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{146A5B59-FBCA-4448-9E29-F1663CBE4CF3}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{154D92A2-37BE-4570-9AB0-F0B27855A852}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{158C8D92-D246-4CCB-A546-39EF66DDF131}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{178DD9CB-586A-4651-9835-41C709823F3A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{1A35D901-6C9B-47A6-BC83-9F11B39AF444}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{1B446DC8-E130-426F-814A-B54E7E873FED}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{1B4DC712-454A-45C2-8704-B44F63EFAF4C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{1C38C485-777D-4895-89DA-9D0C7339A2C6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{1CA7245B-810B-490D-8DC8-3ABF4F533AD6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{216DF6FE-D67C-418D-B8DE-268DEE50C3D6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{22D3FF5C-9EE7-4EEF-A9E6-C74FA6C486B8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{27DE73A7-4427-4C5E-B05A-65B3ECB8C7FF}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{2840498A-ABC7-4BC6-8A75-9FB459790EC5}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{28C0B3E3-DDA6-4B3E-8433-2930CEEFD251}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{2979A18C-74B4-4AFF-9638-B474177992A2}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{29E1DDF8-F7B3-4460-B315-F7DFB318D46E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{2A3C0D3B-5E1F-416F-BD6C-04148BB4714C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{2BAB8D95-04AD-46EA-A70F-88E8DFE524D9}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{2D5674F0-AC97-4490-B82E-D357E9B40250}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{2DF84EB2-96E3-45CF-A99F-9C1B331DAC3A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{3084A338-80FE-4A6F-BD8E-4BBD28C7FFDD}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{30ED4CBA-F7E4-4699-869D-18F4EDCC65CC}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{3114927D-46CA-4787-AFDB-D371B9EFA555}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{31B0B7A2-C462-4528-B943-F2076E8BA55C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{32D5A5EF-8AAC-4488-88AA-E42F56D5DEAD}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{355BECD2-AE09-42BC-A72D-22C630218516}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{35EEF18D-4DDD-4149-8540-4B3D106A19E7}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{3656C9F9-2871-4B0A-A3C8-3CD69D4E61DC}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{365A4ABB-2650-441A-9FB1-646121B9C1B9}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{38121AC1-5BD4-4A50-915D-0DC3DB79F044}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{3B5CC18B-FE28-402D-97B6-186648735441}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{3DC61A3A-859E-47DB-9CA8-5804008D6C87}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{41D36D23-3A7C-4E4F-8D70-9EB75354A019}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{430D18B3-FB16-488F-A60B-5CE6ED718EEB}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{44580556-DE08-4DCF-AEEC-67CAEDFB077B}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{47142B64-3B1F-499A-A8A3-E839857851F7}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{4851C15C-093C-430F-910C-6D29905CEEB6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{4AB5EC1F-A342-401A-B4DB-1423997D0180}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{4D128925-66D5-45F9-A38F-C376CCD23520}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{4E4AB21A-6D26-4E02-B8CF-69CE84E0D888}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{4E7D7D02-A965-4F70-B494-F3FEAFAD181A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{4FE3F93D-A5EA-44D1-B520-E75A3DDAD7F8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{51E3A318-930C-43DD-A9DE-FEF11820648D}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{52B9705D-54F8-483A-8616-33BED31A7BD0}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{533B5FC2-0DE8-4397-AFFD-D0409AFC086E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{5352BFC8-0456-4F6A-80FD-A093862E9D29}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{541473DC-5489-48EA-A7B5-F9496C5EA9AB}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{557DBCBB-8748-44F2-8E95-54581FB9D3B7}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{55A0A13A-FA88-40E3-89EB-C8A215DF4A00}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{57320A9A-FDE6-45B3-B46D-E8FA2EB806EF}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{577BD930-7F33-4513-ACFA-4B6DD5920A66}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{59F9C295-5D35-4415-9422-689CE4518CE1}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{5A06D204-F294-4B69-9C2C-E7930B300C3C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{5AC6FF44-D6BE-419B-BC2A-A1020815498F}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{5F754BD1-45C5-4A7C-B307-1D0C74FD9969}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{61757730-0430-4E8C-BFF9-8BBCE1BB2567}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{62187C01-37E5-4D03-A18C-32896476E003}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{63D479E2-4637-4481-B43B-1275E0B0140C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{65654212-F451-4283-AA60-6072664C27AD}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{67EB3D4E-0BC6-419F-B3D2-D7286DF42F4E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{686DBE52-24A1-41EA-951E-585B0303400B}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{698FE566-0F5B-4164-B149-295064DDD932}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{6AB33023-E331-4BAC-9108-1AF1D81FFDB6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{6AC7F96A-F798-4EC0-8EF0-1F5363A0D5A3}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{6BEF7B82-EF8F-4395-A5A9-DA4ED90A0578}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{6C20F74F-1317-438C-A846-C1096190D01E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{6D8B17AA-F4C5-4F88-B4B2-37304EB3C1B0}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{6ED5AD95-2570-437B-992A-8918634764B8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{6FFD89AC-9BC8-4511-9095-193773903C8C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{70983BBF-B666-4598-A60C-BEEA2D0B4D71}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{70A691DC-38D9-4D72-B405-D116C30CBC16}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{71826EEA-CAB7-4366-91F8-95EE69943FB0}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{71DF1915-F23D-40E3-856B-4BEE8FA89033}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{7254B237-E3DE-4EB6-896F-D6AED1ADABC8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{74B66D00-8AA8-4BC0-AD99-838DCA967B5F}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{74D2C44D-26C4-4601-B11E-246879E6F023}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{76D3D8DA-C960-4069-AF01-2B1BAA8D44A1}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{77C46E40-5F08-4952-A984-225F5542A8FA}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{7852E1B7-705B-4B11-B687-37BD597103A5}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{79E65F58-6701-49F4-A2EA-1E4FC2D1B67E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{7BEB1F5A-D04A-4562-BB70-F791C60755AC}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{7C385310-CD6E-408C-9E85-F1B96E88F4CB}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{8155D7E0-B942-4CEF-B1D9-8D164C475A59}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{81EB9CFA-C147-4743-A020-934E3DCB9D3C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{83B85099-3EB7-48E5-9DA5-F41FF9CDF66B}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{860D57A2-B657-441C-A0F7-E6D43981E7DE}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{878CEAC5-DA90-454D-BD3C-F744A89154F2}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{883C2572-9717-4B6E-9106-9BE1A7C58198}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{89DD8C9D-29FC-48E8-A16E-A7524190A76B}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{8AE01F11-8A18-4D5D-A982-126D604BA2D6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{8B7FB949-CEA9-44E9-A4A3-05A24228C0E2}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{8C046970-55E1-410B-B4E6-464696BB27D8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{8DD1699E-5295-4970-9166-B4C9ABDE7B14}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{8E831672-26C1-4ED5-8FA1-ACC5EF8DC0E2}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{900C9AA3-0E23-4AE4-982F-58925840203D}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{90B9FBD8-7D94-484F-A152-5A388259FB3E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9272929D-F927-4174-94D1-92B58CC9702E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{92C4F806-E414-4B50-B05B-B4E68591757F}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{944AFDD8-EEDF-4F68-B45B-2E12073BDABD}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{94501B59-1F9A-4470-BE53-CBAFA5368402}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{95520C54-E7A6-40C4-8A3B-580A69F49677}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9567C1DD-8DAB-47BC-B99C-75DF110FB34B}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{974326E3-785E-46C1-8CF8-9F8159869BE5}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9748D2AA-85C3-4F41-8CD2-0D974EF81724}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{97A831AD-7DDC-4E42-9BEC-AAB5E6D3EBDD}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{98662463-424B-4584-B092-2D06A65F810C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{999F5B80-7B69-4BD3-ADE2-199A8657DA86}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9BC616EA-7901-476C-A0C4-2716E6698E52}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9CE086D1-FCFA-4ECB-B38D-36C181CA24D0}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9D21CF03-6546-46AE-9565-2F6DCB0BD0F3}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9DFCF418-141E-4971-8148-4B9E78B7B855}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9F351756-96CA-431C-ABA4-53F2E0E334BF}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9F89ABC1-360D-41B8-8783-55565BECDB60}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{9FABCA0A-50F5-4561-BBFC-C8663F85C6A4}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{A07D9E5C-DCB0-4338-A3E7-59E9A366676F}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{A0C92320-C905-4514-BDB9-BF3F31315707}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{A5737A2D-0E86-43FA-87EA-86059B34A294}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{A8780F5C-6D39-4CC3-8724-1195C42E7D72}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{A8C27417-7D35-47E1-8118-B4162407C43E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{A8C8216C-2BC5-4FA3-8E05-F81CDFB4386A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{A9A287BC-99FB-45D8-90C1-61D9A179BE14}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{AB0AA8DB-E976-4C9F-A40A-CA874C0335DB}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{ACCB4563-619B-430B-980F-52E5FCC4F6C5}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B0491C09-6041-4278-844A-6C370F2C5CD8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B15C8211-77D3-4731-A4DF-6AE33B595C9D}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B211B5F0-8382-4215-9395-D8FA56648C1A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B45E2CEA-6975-4B06-B257-1E8F901C0F44}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B70F0999-1CCF-4038-98CB-4028BAF3AF25}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B799F5F0-6D48-4F3E-BA0C-368989649632}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B887C78E-AFB3-47C4-8675-4AB53CDE92A1}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{B9D39252-6ABE-4F18-9065-E2897CDA72A5}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{BB24D11A-EA4F-44FC-A96F-D5593FC0FED1}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{BF915CDC-E5AC-4EFA-8554-04045C8E19CE}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{C5CE8C17-2991-4894-9C22-700372E2DCFF}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{C75D616C-A444-4E13-BE73-84DEBCD2AFFA}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{C7924354-9C8D-4640-9AA1-ECFD29192ECA}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{C7EA81DC-047C-41B0-A452-87F6FCC8317F}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CAD2BE22-4EE2-4FA6-85D3-FAAA29858013}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CB6293BB-4C38-4E2F-BF4A-F570D39CBF61}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CB841598-F5C6-462A-B8E8-A09ECCD53BF4}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CBA15479-EFDD-4DD9-A276-BF130C1DF0CA}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CEAEA331-BCB5-4731-8D32-148744C55930}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CF9EDEEF-C8DE-4621-BD9C-B63305051417}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{CFB3A00D-76D9-4277-B167-426EB3B8E3DE}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D1EC619E-052F-4DFC-A3DF-2E2F524592D8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D441CEB5-CBC8-426C-BE62-1024B7DE3741}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D53C5286-D72E-4D88-AF0D-43B2DD52A70C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D7B4791F-346F-4D5F-89A6-AA0E316BDD96}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D89BE8B3-9102-49D9-808F-26A4FB975B32}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D9797F17-B0C2-426B-9FEC-73923D0519ED}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{D9970B65-6E34-416B-9A4F-7F7F756E3752}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DA5057AF-9459-43F0-93B9-632323CD08F2}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DAC59757-A9B0-4BA1-8F6E-EB3E88C4B195}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DB2D68B4-6062-4485-B8DC-91796C7F37A8}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DD7B08DF-9345-41F4-9F16-7C78944C1987}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DDF6F121-A6AD-4DC2-8827-EBC64B54275B}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DE358A14-E454-466A-9E6F-36CDCAB38DAA}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DF0DA3A1-8405-4453-94A4-5B5C80ECAF39}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DF33F295-83A4-423A-A09E-ABB537450D69}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{DFA12B72-0D4C-4E7D-982C-BA24997DED82}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E144533C-CF19-4927-8A66-DCC451DBDC06}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E30D0E98-49EF-4FA9-A32F-49E993918D8D}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E33127D6-FFDB-4556-8254-144012982F65}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E3F58A50-647A-4B98-A8FE-723D720A1D4E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E5DC1230-FEAE-49E9-879B-FF29465D265A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E6A14B3F-7A23-417B-8FF6-BE3502A16F5C}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E74C00E8-4AB1-4053-920F-25DD038BA59E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E8603699-3FA5-4632-B23E-25D5E5402FA2}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E87184AE-D9EE-4188-8302-C50BE8F30F2B}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{E97F41AD-FEE6-4149-9A2D-C4259703412E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EB3A69B1-7DB4-4B80-B32A-3EF2237C6DE9}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EC46D0C1-2C5B-49D4-93C7-F7C8B88F56A6}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{ED86AF6E-0CB8-494C-B37D-9B4848E6E153}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EECE4B38-B98F-40B4-A576-65E3BE3B5ECB}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{EFAAE7E8-1F18-44AA-8602-5BC65C4EFD9F}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F056AEC3-FB6C-4228-B8EF-2E3D8A5CD443}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F0A99E17-0A23-456E-8BB3-8141B974DCD9}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F365BFAE-BB7E-4F59-B81C-99C2781BF56D}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F36F328C-89B0-42D2-889D-7B1BA1A84E3A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F54A9937-A717-4A49-9996-C05F04FE8012}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F590B518-387A-4098-A464-D1D19D1AC819}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F71233D2-0681-4391-AC02-5A91F098865A}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F8F39365-1A15-428E-911F-9BEABC21FB04}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F90A913A-3902-4A07-9011-E8FB3FF32EDE}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F9507CAE-BF64-4484-9CF4-86C19AD3D151}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F9936B17-EEFB-48CA-B98C-2BDFC721C188}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{F9FF37FF-A089-4799-8AE2-7B0167B45C14}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FB2C6C3F-9A13-4496-82C7-28BFAC64163E}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FD4EBB00-3581-40A7-AE63-83D4FCEF43DF}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FE5747C4-7A98-477E-A67F-F102A6A4131F}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FE68109A-6C90-49E4-9528-9B24A13E1273}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FF7A9E08-223C-448A-81D6-163F39594706}
Successfully deleted: [Empty Folder] C:\Users\Pia Bausch\appdata\local\{FFFDD4A7-F7C3-4130-B987-E3CAA00A2264}



~~~ FireFox

Emptied folder: C:\Users\Pia Bausch\AppData\Roaming\mozilla\firefox\profiles\455x0jfg.default\minidumps [839 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.01.2015 at 16:44:50,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Frst:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Pia Bausch (administrator) on PIABAUSCH on 27-01-2015 16:47:25
Running from C:\Users\Pia Bausch\Desktop\Virus Programme
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
() C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2112536 2013-03-19] (Trend Micro Inc.)
HKLM-x32\...\Run: [OE] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [846672 2010-08-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PLTSpokes.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe [6579600 2014-10-23] (Plantronics, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {935B0526-B2BB-4248-A009-C85668DE6358} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/O1DPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: jid1xKH0EoS44u1a2wjetpack - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack [2014-11-07]
FF Extension: Foxy Security - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\sys@foxysecurity.com [2014-05-30]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-11-16]
FF Extension: NoScript - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012-10-07]
FF HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1824800 2013-03-18] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1183120 2014-10-23] (Plantronics, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50208 2013-01-11] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-03-13] () [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060904 2013-03-18] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [101416 2010-12-02] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2010-11-19] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-20] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] () [File not signed]
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] () [File not signed]
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] () [File not signed]
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 16:44 - 2015-01-27 16:44 - 00024354 _____ () C:\Users\Pia Bausch\Desktop\JRT.txt
2015-01-27 16:40 - 2015-01-27 16:40 - 01707939 _____ (Thisisu) C:\Users\Pia Bausch\Desktop\JRT.exe
2015-01-27 16:40 - 2015-01-27 16:40 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 16:39 - 2015-01-27 16:31 - 00029896 _____ () C:\Users\Pia Bausch\Desktop\AdwCleaner[S1].txt
2015-01-27 16:39 - 2015-01-27 16:28 - 00000364 _____ () C:\Users\Pia Bausch\Desktop\AdwCleaner[S0].txt
2015-01-27 16:21 - 2015-01-27 16:31 - 00000000 ____D () C:\AdwCleaner
2015-01-27 16:17 - 2015-01-27 16:19 - 00000373 _____ () C:\Users\Pia Bausch\Desktop\mbam.txt
2015-01-27 15:19 - 2015-01-27 15:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 15:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 15:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 15:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 21:58 - 2015-01-26 21:58 - 00044901 _____ () C:\ComboFix.txt
2015-01-26 21:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-26 21:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-26 21:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-26 21:18 - 2015-01-26 21:58 - 00000000 ____D () C:\Qoobox
2015-01-26 21:17 - 2015-01-26 21:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-26 21:04 - 2015-01-26 21:04 - 05609462 ____R (Swearware) C:\Users\Pia Bausch\Desktop\ComboFix.exe
2015-01-26 18:20 - 2015-01-26 18:20 - 00001373 _____ () C:\Users\Pia Bausch\Desktop\Minecraft.lnk
2015-01-26 17:37 - 2015-01-27 16:47 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Virus Programme
2015-01-26 16:46 - 2015-01-26 16:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default\AppData\Roaming\WB.CFG
2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default User\AppData\Roaming\WB.CFG
2015-01-25 16:09 - 2015-01-27 16:47 - 00000000 ____D () C:\FRST
2015-01-25 16:05 - 2015-01-25 16:05 - 00000000 _____ () C:\Users\Pia Bausch\defogger_reenable
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 _____ () C:\autoexec.bat
2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 __SHD () C:\Users\Pia Bausch\AppData\Local\EmieBrowserModeList
2015-01-20 19:53 - 2015-01-20 19:53 - 00000000 ____D () C:\sh4ldr
2015-01-20 19:52 - 2015-01-26 17:19 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-20 19:52 - 2015-01-20 19:52 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-16 22:10 - 2015-01-24 14:50 - 00000112 _____ () C:\ProgramData\42G8625p.dat
2015-01-14 16:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:19 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-12 17:44 - 2015-01-12 17:44 - 06388344 _____ (Tim Kosse) C:\Users\Pia Bausch\Downloads\FileZilla_3.10.0_win32-setup.exe
2014-12-30 18:49 - 2014-12-30 18:49 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 16:47 - 2012-07-22 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 16:42 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 16:42 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 16:36 - 2014-05-19 16:38 - 00000000 ___RD () C:\Users\Pia Bausch\Google Drive
2015-01-27 16:36 - 2011-08-25 16:57 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-27 16:35 - 2014-12-05 15:37 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\LogMeIn Hamachi
2015-01-27 16:33 - 2012-01-14 17:39 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 16:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 16:33 - 2009-07-14 05:51 - 00169000 _____ () C:\Windows\setupact.log
2015-01-27 16:32 - 2010-11-21 04:47 - 00728116 _____ () C:\Windows\PFRO.log
2015-01-27 16:31 - 2012-03-14 18:52 - 00005019 _____ () C:\Windows\TMFilter.log
2015-01-27 16:31 - 2011-08-25 09:10 - 01393640 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 16:22 - 2012-01-14 17:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 16:21 - 2012-12-06 18:14 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job
2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1
2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1
2015-01-27 16:17 - 2014-04-13 12:29 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-01-26 22:08 - 2014-11-25 19:18 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\.minecraft
2015-01-26 21:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-26 21:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-26 21:38 - 2009-07-14 03:34 - 98041856 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 22020096 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-26 20:00 - 2012-12-06 18:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job
2015-01-26 18:51 - 2014-10-01 20:04 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Instagram
2015-01-26 18:47 - 2012-07-22 11:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 18:47 - 2012-07-22 11:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 18:47 - 2011-08-25 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 17:46 - 2013-03-16 11:30 - 00007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-26 17:32 - 2010-11-21 07:50 - 00902840 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 17:32 - 2010-11-21 07:50 - 00215232 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 17:32 - 2009-07-14 06:13 - 02165128 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files\Google
2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 17:13 - 2012-01-14 17:39 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\Google
2015-01-26 17:10 - 2012-02-11 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-01-26 17:10 - 2011-11-26 15:31 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2015-01-26 17:08 - 2012-11-13 15:48 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-01-26 17:04 - 2011-12-11 15:18 - 00000000 ____D () C:\Program Files (x86)\WB Games
2015-01-26 17:03 - 2012-08-20 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-01-25 16:05 - 2011-11-03 09:02 - 00000000 ____D () C:\Users\Pia Bausch
2015-01-23 17:24 - 2013-12-14 17:00 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Skype
2015-01-21 20:06 - 2011-02-11 18:45 - 02139408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 18:21 - 2011-11-03 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2015-01-15 03:15 - 2013-08-13 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2012-08-09 16:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:32 - 2013-08-29 12:53 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-12 17:59 - 2014-07-21 16:15 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\FileZilla
2014-12-30 18:49 - 2013-12-14 17:00 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2013-02-26 07:28 - 2013-02-26 07:28 - 0027762 _____ () C:\Program Files\changes.txt
2013-02-26 07:34 - 2013-02-26 07:34 - 2547384 _____ (Beepa P/L) C:\Program Files\fraps.exe
2013-02-26 07:34 - 2013-02-26 07:34 - 0234168 _____ (Beepa P/L) C:\Program Files\fraps32.dll
2013-02-26 07:34 - 2013-02-26 07:34 - 0068792 _____ (Beepa P/L) C:\Program Files\fraps64.dat
2013-02-26 07:34 - 2013-02-26 07:34 - 0186552 _____ (Beepa P/L) C:\Program Files\fraps64.dll
2013-02-26 07:30 - 2013-02-26 07:30 - 0140288 _____ (Beepa P/L) C:\Program Files\frapslcd.dll
2014-11-27 16:04 - 2014-11-27 16:04 - 0000180 _____ () C:\Program Files\FRAPSLOG.TXT
2013-02-26 07:27 - 2013-02-26 07:27 - 0001894 _____ () C:\Program Files\README.HTM
2014-04-13 12:30 - 2014-04-13 15:41 - 0000108 _____ () C:\Users\Pia Bausch\AppData\Roaming\Camdata.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamLayout.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamShapes.ini
2014-04-13 12:30 - 2014-04-13 12:33 - 0004535 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamStudio.cfg
2014-04-13 12:29 - 2014-04-13 12:30 - 0000096 _____ () C:\Users\Pia Bausch\AppData\Roaming\version2.xml
2014-01-29 14:54 - 2014-11-17 16:53 - 0000181 _____ () C:\Users\Pia Bausch\AppData\Roaming\WB.CFG
2014-11-29 19:28 - 2014-11-29 19:28 - 0002085 _____ () C:\Users\Pia Bausch\AppData\Local\recently-used.xbel
2013-03-16 11:30 - 2015-01-26 17:46 - 0007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-16 22:10 - 2015-01-24 14:50 - 0000112 _____ () C:\ProgramData\42G8625p.dat

Files to move or delete:
====================
C:\ProgramData\42G8625p.dat


Some content of TEMP:
====================
C:\Users\Pia Bausch\AppData\Local\Temp\Quarantine.exe
C:\Users\Pia Bausch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 03:51

==================== End Of Log ============================
         
--- --- ---



Noch was?
LG Nailimixam

Alt 27.01.2015, 20:18   #10
schrauber
/// the machine
/// TB-Ausbilder
 

WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.01.2015, 20:43   #11
Nailimixam
 
WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hallo Schrauber,

Seit nun 4 Tagen läuft alles wieder normal und hier hast du die LogFiles:

Nach einem 4 Stunden Scan hast du hier einmal das ESET File:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9bc18d6d79fe504bb54934c2ab30458d
# engine=22191
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-28 07:36:26
# local_time=2015-01-28 08:36:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47535192 174103636 0 0
# scanned=165522
# found=9
# cleaned=0
# scan_time=5346
sh=76F8B6DA213CC978ED725C6692C923DAC98F376A ft=1 fh=50739a65f3f6c9e3 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\uninstall.exe.vir"
sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll.vir"
sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe.vir"
sh=76B997BE33132963D2D177908AB15DC0C69C7E89 ft=1 fh=b39dacf1316c7436 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe.vir"
sh=CB5FE6296C4D941C0D43D41F59BB19163C55ED77 ft=1 fh=30812d360a4b1b62 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\Security Systems\uninstaller.exe.vir"
sh=985AE5B998513B7D9C2749DF15CAE7C04C3BDC9E ft=1 fh=2f9831d32275f6eb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=32EEE1864E49A4FA06A68005D78A42202771D551 ft=1 fh=d4756073afcc2186 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir"
sh=1F4C2E6BCF89CECF7E57FCA218A3ED10A5879828 ft=1 fh=ecb34756e46ac693 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir"
sh=3D31E87F70321B6CB922AC99E29EBC123628DD95 ft=1 fh=c71c0011006e2f22 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla_3.8.1_win32-setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9bc18d6d79fe504bb54934c2ab30458d
# engine=22206
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-29 07:31:02
# local_time=2015-01-29 08:31:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47621268 174189712 0 0
# scanned=394849
# found=68
# cleaned=68
# scan_time=14192
sh=76F8B6DA213CC978ED725C6692C923DAC98F376A ft=1 fh=50739a65f3f6c9e3 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\uninstall.exe.vir"
sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll.vir"
sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe.vir"
sh=76B997BE33132963D2D177908AB15DC0C69C7E89 ft=1 fh=b39dacf1316c7436 vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\BupSystem\bup.exe.vir"
sh=CB5FE6296C4D941C0D43D41F59BB19163C55ED77 ft=1 fh=30812d360a4b1b62 vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Pia Bausch\AppData\Roaming\Security Systems\uninstaller.exe.vir"
sh=985AE5B998513B7D9C2749DF15CAE7C04C3BDC9E ft=1 fh=2f9831d32275f6eb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=32EEE1864E49A4FA06A68005D78A42202771D551 ft=1 fh=d4756073afcc2186 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir"
sh=1F4C2E6BCF89CECF7E57FCA218A3ED10A5879828 ft=1 fh=ecb34756e46ac693 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir"
sh=3D31E87F70321B6CB922AC99E29EBC123628DD95 ft=1 fh=c71c0011006e2f22 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla_3.8.1_win32-setup.exe"
sh=60D983B6E4BBE6948D6D3843B496A16F08EC8732 ft=1 fh=e9f93426d08f6c3e vn="Variante von Win32/InstallCore.IK evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pia Bausch\Downloads\MineCraftSetup.exe"
sh=10E7E2EFE0BEE60E7E739345FB3173EF72B6317E ft=1 fh=7ae656790eead3cc vn="Variante von Win32/AdGazelle.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pia Bausch\Downloads\setup.exe"
sh=40943BBEF6EB8DB24A2E9992B2738E800A1DD817 ft=1 fh=ef4af3541a9ac90b vn="Variante von Win32/TrojanDownloader.Agent.SEQ Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\temp\db25.exe"
sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="Variante von Win64/Adware.Adpeak.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files\003\jzmoeejfme64.exe"
sh=9CC0144E22C42369A64211F8A575BE30220654C3 ft=1 fh=02d73a0dd3fb975b vn="Variante von Win32/AdWare.CouponAmazing.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\xkymsyyrfh.dll"
sh=977B60DEF45F24048D040ECDCAA65BB332C6B449 ft=1 fh=164dad5fc31d40af vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe"
sh=2C8981A59216CCB644BE5FBC92DBB7F8F0188F99 ft=1 fh=6aad921543298e71 vn="Variante von Win32/AdSuproot.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe"
sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll"
sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll"
sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll"
sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll"
sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll"
sh=73098BBBA6CBC76BF206226FBDC659758EAC7F0B ft=1 fh=6c165ff8a046d46e vn="Win32/Adware.Synatix.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Pia Bausch\AppData\LocalLow\systems ie bho\bho.dll"
sh=0E674FAFB4638D9AC4331B408BC7CBAA10365BCF ft=1 fh=088f5814993f5afe vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Pia Bausch\AppData\Roaming\BCQYCY.exe"
sh=D9700A0A02694AE608B22E0D80FC1DDFF69C7CB5 ft=1 fh=7db8db801c48cbad vn="Variante von Win32/Toolbar.CrossRider.AX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Users\Pia Bausch\AppData\Roaming\CJJORAH.exe"
sh=5946107EAC2E4827BB97223C060DC63CAC00EBF6 ft=1 fh=d505eef8383e67ac vn="Variante von Win64/Adware.Adpeak.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe"
sh=76F8B6DA213CC978ED725C6692C923DAC98F376A ft=1 fh=50739a65f3f6c9e3 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\uninstall.exe"
sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll"
sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe"
sh=268979BC94F89E29C10C925824C49D5C9B5B1C09 ft=1 fh=029569cfdc034e29 vn="Variante von Win64/Adware.Adpeak.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1\hmhfslexky64.exe"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65auxstb.dll"
sh=023614C5AD02AA589BB785CA5CF50DCF194C7AA8 ft=1 fh=38e3c675fc09b45d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll"
sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brstub.dll"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="Variante von Win32/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65datact.dll"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dlghk.dll"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dyn.dll"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65feedmg.dll"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65highin.exe"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65hkstub.dll"
sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65htmlmu.dll"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65httpct.dll"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65idle.dll"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65ieovr.dll"
sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65impipe.exe"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65mlbtn.dll"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65msg.dll"
sh=A62045168FE92EC16E7764ECD96F592D2D63BB7C ft=1 fh=681e62fc23c41c6e vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65Plugin.dll"
sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65radio.dll"
sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regfft.dll"
sh=C9C4AAE19A349C578399BAC5A5D780ED8BE3AB00 ft=1 fh=b136be0af2d0d6fc vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65reghk.dll"
sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regiet.dll"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65script.dll"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skin.dll"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65sknlcr.dll"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skplay.exe"
sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll"
sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe"
sh=41D9D722E583CBEB3DA15061BE203C4428E6EF60 ft=1 fh=ea5ef91dc0a8d24b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65tpinst.dll"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65uabtn.dll"
sh=1A9718003447798445400B9F6D232AF3077D2A93 ft=1 fh=900c8fac5a4df2da vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CREXT.DLL"
sh=3A657ACEB92289972EFA3565B6FEDD7238C3A4B1 ft=1 fh=bc1ec2ace187a07a vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\CrExtP65.exe"
sh=DAA1C73CAAFEAB79763F1D930CF923FDF0BC17C1 ft=1 fh=d1f5167ec82f0e89 vn="Win32/Toolbar.MyWebSearch.T evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll"
sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTEX.DLL"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL"
sh=A8B583E2BFA2B7E04C3719FF000CCF7151AEEA7F ft=1 fh=c7c54f98ed54b65c vn="Variante von Win32/Toolbar.MyWebSearch.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8HTML.DLL"
sh=6299F84C0BE27BB9FA1F8ED7823B2CCD27F090B5 ft=1 fh=b986eb091e1005cc vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\$RECYCLE.BIN\$R6V6X5E\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8TICKER.DLL"
         
...die checkup.txt Datei:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Trend Micro Client/Server Security Agent   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox 34.0.5 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro OfficeScan Client pccntmon.exe 
 Trend Micro Client Server Security Agent ntrtscan.exe  
 Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe 
 Trend Micro Client Server Security Agent tmlisten.exe  
 Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe 
 Trend Micro BM TMBMSRV.exe  
 Trend Micro Client Server Security Agent TmProxy.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
und ein frisches FRST Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Pia Bausch (administrator) on PIABAUSCH on 29-01-2015 20:38:43
Running from C:\Users\Pia Bausch\Desktop\Virus Programme
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
() C:\Windows\SysWOW64\srvany.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Pia Bausch\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Pia Bausch\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2112536 2013-03-19] (Trend Micro Inc.)
HKLM-x32\...\Run: [OE] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [846672 2010-08-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PLTSpokes.exe] => C:\Program Files (x86)\Plantronics\Spokes3G\PLTSpokes.exe [6579600 2014-10-23] (Plantronics, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://g.uk.msn.com/USREL/8
SearchScopes: HKLM -> {935B0526-B2BB-4248-A009-C85668DE6358} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @talk.google.com/O1DPlugin -> C:\Users\Pia Bausch\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pia Bausch\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1140785117-3275974374-1152227498-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pia Bausch\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: jid1xKH0EoS44u1a2wjetpack - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\jid1-xKH0EoS44u1a2w@jetpack [2014-11-07]
FF Extension: Foxy Security - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\sys@foxysecurity.com [2014-05-30]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-11-16]
FF Extension: NoScript - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Pia Bausch\AppData\Roaming\Mozilla\Firefox\Profiles\455x0jfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012-10-07]
FF HKU\S-1-5-21-1140785117-3275974374-1152227498-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1824800 2013-03-18] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 PlantronicsUpdateService; C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe [1183120 2014-10-23] (Plantronics, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50208 2013-01-11] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R3 TMBMServer; c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-03-13] () [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060904 2013-03-18] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]
S3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [101416 2010-12-02] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [61992 2010-11-19] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-20] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] () [File not signed]
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] () [File not signed]
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] () [File not signed]
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 20:33 - 2015-01-29 20:33 - 00852573 _____ () C:\Users\Pia Bausch\Desktop\SecurityCheck.exe
2015-01-28 19:05 - 2015-01-28 19:05 - 02347384 _____ (ESET) C:\Users\Pia Bausch\Desktop\esetsmartinstaller_deu.exe
2015-01-28 19:05 - 2015-01-28 19:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-27 16:40 - 2015-01-27 16:40 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 16:21 - 2015-01-27 16:31 - 00000000 ____D () C:\AdwCleaner
2015-01-27 15:19 - 2015-01-27 15:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 15:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 15:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 15:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 21:58 - 2015-01-26 21:58 - 00044901 _____ () C:\ComboFix.txt
2015-01-26 21:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-26 21:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-26 21:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-26 21:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-26 21:18 - 2015-01-26 21:58 - 00000000 ____D () C:\Qoobox
2015-01-26 21:17 - 2015-01-26 21:56 - 00000000 ____D () C:\Windows\erdnt
2015-01-26 21:04 - 2015-01-26 21:04 - 05609462 ____R (Swearware) C:\Users\Pia Bausch\Desktop\ComboFix.exe
2015-01-26 18:20 - 2015-01-26 18:20 - 00001373 _____ () C:\Users\Pia Bausch\Desktop\Minecraft.lnk
2015-01-26 17:37 - 2015-01-29 20:38 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Virus Programme
2015-01-26 16:46 - 2015-01-26 16:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default\AppData\Roaming\WB.CFG
2015-01-25 21:53 - 2015-01-25 21:53 - 00000074 _____ () C:\Users\Default User\AppData\Roaming\WB.CFG
2015-01-25 16:09 - 2015-01-29 20:39 - 00000000 ____D () C:\FRST
2015-01-25 16:05 - 2015-01-25 16:05 - 00000000 _____ () C:\Users\Pia Bausch\defogger_reenable
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-24 13:43 - 2015-01-24 13:43 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 _____ () C:\autoexec.bat
2015-01-20 20:21 - 2015-01-20 20:21 - 00000000 __SHD () C:\Users\Pia Bausch\AppData\Local\EmieBrowserModeList
2015-01-20 19:53 - 2015-01-20 19:53 - 00000000 ____D () C:\sh4ldr
2015-01-20 19:52 - 2015-01-26 17:19 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-20 19:52 - 2015-01-20 19:52 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-16 22:10 - 2015-01-24 14:50 - 00000112 _____ () C:\ProgramData\42G8625p.dat
2015-01-14 16:19 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:19 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-12 18:35 - 2015-01-12 18:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-12 17:44 - 2015-01-12 17:44 - 06388344 _____ (Tim Kosse) C:\Users\Pia Bausch\Downloads\FileZilla_3.10.0_win32-setup.exe
2014-12-30 18:49 - 2014-12-30 18:49 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 18:49 - 2014-12-30 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 20:22 - 2012-01-14 17:39 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 20:21 - 2012-12-06 18:14 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000UA.job
2015-01-29 20:05 - 2014-11-25 19:18 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\.minecraft
2015-01-29 19:58 - 2014-10-01 20:04 - 00000000 ____D () C:\Users\Pia Bausch\Desktop\Instagram
2015-01-29 19:47 - 2012-07-22 11:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 19:45 - 2011-08-25 09:10 - 01464615 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 19:22 - 2012-01-14 17:39 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 19:21 - 2012-12-06 18:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140785117-3275974374-1152227498-1000Core.job
2015-01-29 16:37 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 16:37 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 16:29 - 2014-05-19 16:38 - 00000000 ___RD () C:\Users\Pia Bausch\Google Drive
2015-01-29 16:28 - 2014-12-05 15:37 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\LogMeIn Hamachi
2015-01-29 16:28 - 2011-08-25 16:57 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-29 16:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 16:26 - 2009-07-14 05:51 - 00169112 _____ () C:\Windows\setupact.log
2015-01-28 18:57 - 2010-11-21 04:47 - 00728466 _____ () C:\Windows\PFRO.log
2015-01-27 16:31 - 2012-03-14 18:52 - 00005019 _____ () C:\Windows\TMFilter.log
2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1
2015-01-27 16:17 - 2014-11-03 17:08 - 00000000 ____D () C:\Program Files (x86)\E52BA74C-5F88-4F08-A1B8-3FC89D881FD1
2015-01-27 16:17 - 2014-04-13 12:29 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-01-26 21:58 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-26 21:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-26 21:38 - 2009-07-14 03:34 - 98041856 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 22020096 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-26 21:38 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-26 18:47 - 2012-07-22 11:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 18:47 - 2012-07-22 11:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 18:47 - 2011-08-25 16:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 17:46 - 2013-03-16 11:30 - 00007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-26 17:32 - 2010-11-21 07:50 - 00902840 _____ () C:\Windows\system32\perfh007.dat
2015-01-26 17:32 - 2010-11-21 07:50 - 00215232 _____ () C:\Windows\system32\perfc007.dat
2015-01-26 17:32 - 2009-07-14 06:13 - 02165128 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files\Google
2015-01-26 17:27 - 2012-01-14 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 17:13 - 2012-01-14 17:39 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Local\Google
2015-01-26 17:10 - 2012-02-11 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-01-26 17:10 - 2011-11-26 15:31 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2015-01-26 17:08 - 2012-11-13 15:48 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-01-26 17:04 - 2011-12-11 15:18 - 00000000 ____D () C:\Program Files (x86)\WB Games
2015-01-26 17:03 - 2012-08-20 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Media
2015-01-25 16:05 - 2011-11-03 09:02 - 00000000 ____D () C:\Users\Pia Bausch
2015-01-23 17:24 - 2013-12-14 17:00 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\Skype
2015-01-21 20:06 - 2011-02-11 18:45 - 02139408 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 18:21 - 2011-11-03 09:03 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2015-01-15 03:15 - 2013-08-13 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2012-08-09 16:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:32 - 2013-08-29 12:53 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-12 17:59 - 2014-07-21 16:15 - 00000000 ____D () C:\Users\Pia Bausch\AppData\Roaming\FileZilla
2014-12-30 18:49 - 2013-12-14 17:00 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2013-02-26 07:28 - 2013-02-26 07:28 - 0027762 _____ () C:\Program Files\changes.txt
2013-02-26 07:34 - 2013-02-26 07:34 - 2547384 _____ (Beepa P/L) C:\Program Files\fraps.exe
2013-02-26 07:34 - 2013-02-26 07:34 - 0234168 _____ (Beepa P/L) C:\Program Files\fraps32.dll
2013-02-26 07:34 - 2013-02-26 07:34 - 0068792 _____ (Beepa P/L) C:\Program Files\fraps64.dat
2013-02-26 07:34 - 2013-02-26 07:34 - 0186552 _____ (Beepa P/L) C:\Program Files\fraps64.dll
2013-02-26 07:30 - 2013-02-26 07:30 - 0140288 _____ (Beepa P/L) C:\Program Files\frapslcd.dll
2014-11-27 16:04 - 2014-11-27 16:04 - 0000180 _____ () C:\Program Files\FRAPSLOG.TXT
2013-02-26 07:27 - 2013-02-26 07:27 - 0001894 _____ () C:\Program Files\README.HTM
2014-04-13 12:30 - 2014-04-13 15:41 - 0000108 _____ () C:\Users\Pia Bausch\AppData\Roaming\Camdata.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamLayout.ini
2014-04-13 12:30 - 2014-04-13 15:41 - 0000408 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamShapes.ini
2014-04-13 12:30 - 2014-04-13 12:33 - 0004535 _____ () C:\Users\Pia Bausch\AppData\Roaming\CamStudio.cfg
2014-04-13 12:29 - 2014-04-13 12:30 - 0000096 _____ () C:\Users\Pia Bausch\AppData\Roaming\version2.xml
2014-01-29 14:54 - 2014-11-17 16:53 - 0000181 _____ () C:\Users\Pia Bausch\AppData\Roaming\WB.CFG
2014-11-29 19:28 - 2014-11-29 19:28 - 0002085 _____ () C:\Users\Pia Bausch\AppData\Local\recently-used.xbel
2013-03-16 11:30 - 2015-01-26 17:46 - 0007597 _____ () C:\Users\Pia Bausch\AppData\Local\resmon.resmoncfg
2015-01-16 22:10 - 2015-01-24 14:50 - 0000112 _____ () C:\ProgramData\42G8625p.dat

Files to move or delete:
====================
C:\ProgramData\42G8625p.dat


Some content of TEMP:
====================
C:\Users\Pia Bausch\AppData\Local\Temp\Quarantine.exe
C:\Users\Pia Bausch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 03:51

==================== End Of Log ============================
         
--- --- ---


Und wie schauts nun aus?
LG Nailimixam

Geändert von Nailimixam (29.01.2015 um 20:49 Uhr)

Alt 30.01.2015, 08:59   #12
schrauber
/// the machine
/// TB-Ausbilder
 

WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Java, Adobe und Fierof updaten.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\42G8625p.dat
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.01.2015, 12:23   #13
Nailimixam
 
WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Hallo Schrauber,
Vielen Dank, dass du mir geholfen hast, es sind auch sehr nützkiche Programme dabei die mir auch weiterhin helfen können.

Hier ist der Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Pia Bausch at 2015-01-30 11:52:18 Run:1
Running from C:\Users\Pia Bausch\Desktop\Virus Programme
Loaded Profiles: Pia Bausch (Available profiles: Pia Bausch & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\42G8625p.dat
Emptytemp:
*****************

SpyHunter 4 Service => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\ProgramData\42G8625p.dat => Moved successfully.
EmptyTemp: => Removed 956.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:53:37 ====
         
Werde diese Seite auf jeden Fall meinen Freunden weiterempfehlen!
LG Nailimixam

Alt 30.01.2015, 14:30   #14
schrauber
/// the machine
/// TB-Ausbilder
 

WIN 7: Zugriff auf Dateien nicht mehr möglich - Standard

WIN 7: Zugriff auf Dateien nicht mehr möglich



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu WIN 7: Zugriff auf Dateien nicht mehr möglich
abgesicherten, ausführung, compatibilitycheck.exe, dateien, desktop, fehlermeldung, funktioniert, gesucht, hintergrund, langsamer, log, logfiles, namen, nicht mehr, problem, scan, scanner, seltsam, taskmanager, virenscan, virenscanner, win, win 7 64 bit, woche, wochen, zugriff, öffnen, öffnen von dateien nicht möglich




Ähnliche Themen: WIN 7: Zugriff auf Dateien nicht mehr möglich


  1. Rechtsklick auf Dateien nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 07.05.2015 (5)
  2. Zugriff auf www.ntsvcfg.de nicht möglich
    Alles rund um Windows - 22.02.2014 (3)
  3. Wegen GVU Trojaner kein Zugriff mehr auf meinen PC möglich
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (33)
  4. GVU Trojaner, kein Zugriff mehr möglich
    Log-Analyse und Auswertung - 19.02.2013 (5)
  5. TROJANER - kein Zugriff auf Desktop mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  6. BOO/TDss.O - Kein Zugriff auf Dateien mehr
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (25)
  7. Trojaner durch E-Mail eingefangen - Zugriff auf Rechner nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (5)
  8. Gema-Trojaner, kein Zugriff auf Rechner mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 13.04.2012 (2)
  9. Scrollen nicht mehr möglich/Google Chrome Rechtsklick nicht mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (13)
  10. Windows Firewall - kein Zugriff mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (3)
  11. externe festplatte, kein zugriff auf dateien möglich
    Log-Analyse und Auswertung - 29.12.2011 (38)
  12. Kein Internetzugang oder Zugriff auf Router mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 12.12.2011 (22)
  13. Virus dank Malwarebytes weg - alle Dateien noch da, aber kein Zugriff möglich
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (10)
  14. Nach Virusmeldung kein Zugriff mehr auf Dateien/Dateien nicht angezeigt
    Plagegeister aller Art und deren Bekämpfung - 12.08.2011 (1)
  15. Virusfund, kein Zugriff auf Windows Updates mehr möglich!
    Plagegeister aller Art und deren Bekämpfung - 15.11.2010 (28)
  16. Avira Antivir startet nicht mehr - Download von Dateien nicht mehr möglich
    Log-Analyse und Auswertung - 06.10.2010 (34)
  17. Zugriff auf Internet nicht mehr möglich!
    Log-Analyse und Auswertung - 05.01.2009 (0)

Zum Thema WIN 7: Zugriff auf Dateien nicht mehr möglich - Hallo, mein PC verhält sich seit 1-2 Wochen seltsam: - zuerst wurde er immer langsamer, Rechenleistung war halbiert - im Hintergrund sah ich über Taskmanager 20 geöffnete Dateien mit dem - WIN 7: Zugriff auf Dateien nicht mehr möglich...
Archiv
Du betrachtest: WIN 7: Zugriff auf Dateien nicht mehr möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.