Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.05.2015, 10:40   #16
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Hi,

Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
CloseProcesses:
R2 loz; c:\windows\loz.exe [417792 2015-05-01] () [File not signed]
R2 mloz; c:\windows\mloz.exe [408576 2015-05-01] () [File not signed]
Task: {DDAE3D4C-F273-4BB6-BF80-52291BBED741} - \SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32 No Task File 
2015-05-01 03:40 - 2015-05-01 03:40 - 00417792 _____ () c:\windows\loz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00408576 _____ () c:\windows\mloz.exe
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_p_soft_partner.lnk [2015-05-01]
C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> URL hxxp://search.conduit.com/Results.aspx?
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> 
FF NewTab: about:newtab
S2 cipyjywi; No ImagePath
S2 kygyhosy; No ImagePath
2015-05-01 04:03 - 2015-05-01 04:03 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Torsten\Downloads\SpyHunter-Installer.exe
2015-05-01 03:43 - 2015-05-01 03:44 - 00000000 ___HD () C:\ProgramData\loz
2015-05-01 03:41 - 2015-05-02 15:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-01 03:40 - 2015-05-01 03:40 - 00631296 _____ () C:\Windows\loz.dat
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.


Nach dem Reboot:
Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3



Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.05.2015, 10:51   #17
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Guten Morgen,
ich habe FRST64 direkt auf dem Desktop abgespeichert. Also speichere ich auch die Fixlist.txt direkt auf dem Desktop?
Grüße Torsten
__________________


Alt 03.05.2015, 10:52   #18
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Genau.
__________________
__________________

Alt 03.05.2015, 11:02   #19
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Danke. Hier zunächst der Fiaxlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by Torsten at 2015-05-03 11:57:22 Run:1
Running from C:\Users\Torsten\Desktop
Loaded Profiles: Torsten &  (Available profiles: Torsten & Teaching)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
R2 loz; c:\windows\loz.exe [417792 2015-05-01] () [File not signed]
R2 mloz; c:\windows\mloz.exe [408576 2015-05-01] () [File not signed]
Task: {DDAE3D4C-F273-4BB6-BF80-52291BBED741} - \SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32 No Task File 
2015-05-01 03:40 - 2015-05-01 03:40 - 00417792 _____ () c:\windows\loz.exe
2015-05-01 03:40 - 2015-05-01 03:40 - 00408576 _____ () c:\windows\mloz.exe
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_p_soft_partner.lnk [2015-05-01]
C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> URL hxxp://search.conduit.com/Results.aspx?
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> 
FF NewTab: about:newtab
S2 cipyjywi; No ImagePath
S2 kygyhosy; No ImagePath
2015-05-01 04:03 - 2015-05-01 04:03 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Torsten\Downloads\SpyHunter-Installer.exe
2015-05-01 03:43 - 2015-05-01 03:44 - 00000000 ___HD () C:\ProgramData\loz
2015-05-01 03:41 - 2015-05-02 15:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-01 03:40 - 2015-05-01 03:40 - 00631296 _____ () C:\Windows\loz.dat
         
*****************

Processes closed successfully.
loz => Service deleted successfully.
mloz => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDAE3D4C-F273-4BB6-BF80-52291BBED741}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDAE3D4C-F273-4BB6-BF80-52291BBED741}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333830363739333338312d3223572a23456c4155572a32" => Key deleted successfully.
c:\windows\loz.exe => Moved successfully.
c:\windows\mloz.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_p_soft_partner.lnk => Moved successfully.
"C:\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}" => File/Directory not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKU\SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> => Value not found.
Firefox newtab deleted successfully.
cipyjywi => Service deleted successfully.
kygyhosy => Service deleted successfully.
C:\Users\Torsten\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\ProgramData\loz => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Windows\loz.dat => Moved successfully.


The system needed a reboot. 

==== End of Fixlog 11:57:23 ====
         

Alt 03.05.2015, 11:03   #20
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Sehr schön...Bis in paar Stunden...ESET dauert länger..

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.05.2015, 15:55   #21
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Hier endlich auch der ESET-Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=76ccb8d3d4d39d4dac59a12e87fa1bf1
# engine=23669
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-03 02:43:48
# local_time=2015-05-03 04:43:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7043603 71977544 0 0
# scanned=266064
# found=138
# cleaned=0
# scan_time=16522
sh=0A009D8DA622A1A2DB4BAF051C0441D4021765E5 ft=1 fh=7f2a2d5dd5e8ba42 vn="Variante von Win32/SBWatchman.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SBIEBrowserHelperObject.dll.vir"
sh=E42659C42C0591D9A55E0CCC37413B0011A25C26 ft=1 fh=fb7aaad1e489b005 vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SCHelper.exe.vir"
sh=CCBF0C0C15F236B63C9F829F1BE0C25B6AF360BD ft=1 fh=6eb024b91db32f2b vn="Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll.vir"
sh=D4DEF43D34A50724547FA6E9A0E5200CC7C7BB5A ft=1 fh=5a5b69355bcd15a7 vn="Variante von Win64/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll.vir"
sh=8D4ACEB8F0B8BE7203E9B09514BA28D71EF586EF ft=1 fh=125e495a4157cbe4 vn="Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe.vir"
sh=97EE51A46106D454D701BB00EE80DBFEC1BC9F9E ft=1 fh=2994b1c63529dce5 vn="Variante von MSIL/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe.vir"
sh=00533CE2E02BBDA2119F29DB67435F3DAF0355FF ft=1 fh=37599c04e72db223 vn="Variante von Win64/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe.vir"
sh=6EB85D3626585930710331FCF4EB16ADB05374A1 ft=1 fh=ef36771c1e38706b vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe.vir"
sh=DB201591E58AE9445A157A273B8D9C8764D2C84A ft=1 fh=c71c0011af3eb680 vn="Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe.vir"
sh=09D00A5CDCB571DFE33792D44ECF023AD3F238B2 ft=1 fh=b363f0539d0d920a vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir"
sh=2A1030059CAB38FF92731F8040BE038A44890078 ft=1 fh=8f88ff1b171f99f6 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu64.dll.vir"
sh=B3B169E220BD591802B05759ADEE1C353E15B112 ft=1 fh=9d6c1fda665ceb54 vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir"
sh=014302BCFCE8E95F675D856ADC42614B6769BD78 ft=1 fh=d796cde0598a222b vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir"
sh=0E7CC420B0BE38296EF8516DC3786361119F1F5F ft=1 fh=02f58beb2edcfbd2 vn="Win32/AlteredSoftware.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir"
sh=01C53FBC0030066FE9032FEC431D9EA26B5811CC ft=1 fh=af8c82510ee8e748 vn="Win32/AlteredSoftware.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir"
sh=A565AA91F7873179776579995E9F4D2B2894AE5A ft=1 fh=22e3a81795d8fb05 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir"
sh=F1A0D0D29F924A24AF0F0521CF6F9A9150A10ECC ft=1 fh=22e3a817befc6b5a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir"
sh=16280307A222CE1B3EFD3DF1E6CFCC99E69756C6 ft=1 fh=c71c001192caf50d vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir"
sh=75D4CEA485C4A102708AA39A773CCD28C907EE80 ft=1 fh=d9cdf1c8ff17595a vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir"
sh=5F28C730EE0C88818687C17694F872D853C16AE4 ft=1 fh=c71c0011fea7552e vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir"
sh=EDB4A6C7E75E18ACB805418EFFD78267BB2F37C4 ft=1 fh=c71c001126306ac8 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir"
sh=399CE73FBD27EABB303FD899656E3C66C55B3F29 ft=1 fh=c71c001160921a34 vn="Variante von Win32/AlteredSoftware.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir"
sh=6AA0E22699B2E8D6C644F2CAAED9561DD6229362 ft=1 fh=9e53404adbf6d918 vn="Variante von Win32/Packed.Komodia.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\ABDLL.dll.vir"
sh=59CAF453F6EB81A5436F4426C08219E4696B8FCB ft=1 fh=95ae5d39d3ca602c vn="Variante von Win32/Packed.Komodia.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\abenginecert.dll.vir"
sh=754B75E6B64D6B01129361DD40BBD3B61EB4D1C6 ft=1 fh=5515f5076d96fb29 vn="Variante von Win32/Packed.Komodia.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\abenginewd.dll.vir"
sh=0119B4C28815D7986DA549D5F7DCA0718A9E3FD8 ft=1 fh=4311010adafd499b vn="Win32/Adware.Flinject.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\iren3006.exe.vir"
sh=3D3FB1021F53286399C8F227F344F0DD44C1137C ft=1 fh=c71c0011058c98f3 vn="Variante von Win32/Toolbar.CrossRider.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-6.exe.vir"
sh=C496E321A4A48CF57B751387D6021D94B0C1D711 ft=1 fh=f6b4f78cc3b57a2b vn="Variante von Win32/Toolbar.CrossRider.CD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-1-7.exe.vir"
sh=ECCD52629CBC101DF4F63F40AB5372D100EE3C16 ft=1 fh=c71c001116c21ea0 vn="Variante von Win32/Toolbar.CrossRider.CD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-10.exe.vir"
sh=84E1F715F88AB6762DA42D551C1A1432059E8EBC ft=1 fh=3051e2e0fab553a7 vn="Variante von Win32/Toolbar.CrossRider.CB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-4.exe.vir"
sh=035190FEF4B61EBE5304370398D7D23FC6CA4D04 ft=1 fh=2bb6da212426930b vn="Variante von Win32/Toolbar.CrossRider.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d-5.exe.vir"
sh=FC35CD9EA674BF8881CF423B893C004B1B175F34 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\685d9cb1-bf20-4bd7-9fa8-ea3d9dbba18d.xpi.vir"
sh=775AC82EAAA4E99360FC292AAC451EDFA1DD743D ft=1 fh=75298b43af57740c vn="Variante von Win32/Packed.VMDetector.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\I - Cinema\utils.exe.vir"
sh=207B7546B66FCE655B28C50550C6DA54FD30C65E ft=1 fh=7f1f1c11ee26ee3c vn="Variante von Win32/Adware.Vitruvian.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe.vir"
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=01C9B3D0E073B824021B29F1FD957A8643DF6931 ft=1 fh=9d9cb38b273b86fe vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=F34BB16FA7EEF85B106A7C3A3FDEEE95ECF18001 ft=1 fh=7bd5299d4d87abc5 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=B733C40B96BCA6CC139230D0F7C4E51CEC12CF35 ft=1 fh=08ea3c71e6c55c1b vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll.vir"
sh=E77CA95E7AD71424D46A74A40A3F8457A3F03291 ft=1 fh=500b4b33c829f885 vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll.vir"
sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe.vir"
sh=0FF3588ECB69D2B18C6FAEC012672CA2F60314F6 ft=1 fh=731190b7425307d6 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbprtct.dll.vir"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe.vir"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll.vir"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="Variante von Win32/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll.vir"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll.vir"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll.vir"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll.vir"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe.vir"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll.vir"
sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll.vir"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll.vir"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll.vir"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll.vir"
sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe.vir"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe.vir"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll.vir"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll.vir"
sh=CBF93E0F6FF8AE054C18BDBE477CBFAF9F467CF9 ft=1 fh=f7d96c65ea0021a5 vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll.vir"
sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll.vir"
sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zregfft.dll.vir"
sh=A2F202F68FEF2A31E9FE3AE124A46B908349778C ft=1 fh=bf17c6b7704b10fd vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll.vir"
sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll.vir"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll.vir"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll.vir"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll.vir"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe.vir"
sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll.vir"
sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe.vir"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll.vir"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll.vir"
sh=630D5FC9ACC4932C87263895F554F8C3CB6D4B4A ft=1 fh=b81ce565a99a556c vn="Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe.vir"
sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll.vir"
sh=6902D246F8FC2457C9AE369B094292DE6EB454BC ft=1 fh=b1be847bff3fcf8f vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL.vir"
sh=FF9F058B12B6C4D9B6256304FA9078E391C7F32C ft=1 fh=6022d103b074fe9f vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe.vir"
sh=244414D9D39E114E7989C3B35A5FF038508ECFC1 ft=1 fh=0cbd734d892ac7d4 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\DPNMNGR.DLL.vir"
sh=6FF50369661027A1CD5F5E465F78C78913FF84CC ft=1 fh=c941e5f2ec9d2835 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\EXEMANAGER.DLL.vir"
sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll.vir"
sh=C741B87F4335812DB4E020A1694EEC022479789C ft=1 fh=7cba7ca55e04bc4b vn="Win32/Toolbar.MyWebSearch.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll.vir"
sh=2F938D8C9A5D3C9C239793346D43193BA1CBFCD6 ft=1 fh=929bde520a5aa0d2 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL.vir"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL.vir"
sh=7BBFF8810BB79104FE275FBBF7DE48DCBD877E01 ft=1 fh=946da15070ee37db vn="Variante von Win32/Toolbar.MyWebSearch.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL.vir"
sh=2E85C71E79C5B2A65D8CCDD5B21AFE559102062F ft=1 fh=68336e5d9907ad1c vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL.vir"
sh=D0787BEAE97CE99982E7F5000772831421FD48E4 ft=1 fh=b650850bda28ebe2 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\VERIFY.DLL.vir"
sh=810C1517C36278077DAB711A8F81B9F9D08E43F0 ft=1 fh=d5a7903e1ff68e8e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=7E105A4FE49D55CB3B71D8A91E6AD207E3BE1976 ft=1 fh=c5e772386234733f vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.DH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=07097986407A53ADBFC7C2A6BCCBACF41F8971B7 ft=1 fh=f231f1e4c2bc3212 vn="Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=4E409DDB2156AF741787458B35CECE4AC41FD8B0 ft=1 fh=33cac8fcf432a6a1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=4E26DB266B754B627810C44A82C7484086F1CB3E ft=1 fh=8c26b72adef72cc0 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=443E85926A955DB76F781D664702BB9D09D99E3E ft=1 fh=866e3f1468aa3f56 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=EBAE57304D8BC52946AA431D2029377FBC9FDC2E ft=1 fh=8d25a6b81fa43057 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe.vir"
sh=0CE04FFBA8CD34D050932CC5187459EE1A41E5A3 ft=1 fh=e85f48ef4dbf2ac4 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe.vir"
sh=FF41D0AA73B1FDA9A49FEF0B1F4C33AD84A69423 ft=1 fh=503f20edada4f81d vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir"
sh=48A1CCDE888C6E2B23BBA840802A90DC1E046785 ft=1 fh=68b3f4c1eac91edf vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir"
sh=FA6CF53AF311BAFA944BE350368880B1F30E49B7 ft=1 fh=3b93cfa11798f28d vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe.vir"
sh=FE8916C4ED23C1AEFFFA3B26D560D1C3698E8482 ft=1 fh=547478be043d2d64 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys.vir"
sh=93EB42025F9BE0E69FF6B0FE07DC2B447134AAC2 ft=1 fh=b16df4e0aa88024a vn="Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir"
sh=8C03D975CCE19A9E49A76E3BA0D4EBF7C5BF7828 ft=1 fh=4252b0843c1d26e2 vn="Variante von Win32/SBWatchman.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir"
sh=11E615859CCC9AB122E841745EC9E1F78436391A ft=1 fh=ba90a5d00ef6ba7c vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=E5CDD06C50650131591DAE0945340AA6ADC55E02 ft=1 fh=aaaec5f7af2e8f4b vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=A70C63312CBCD0D975236E48372A5F3275A01554 ft=1 fh=b3500ac9ac48c1c9 vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=9217E2F9E6372A114D87884691EFED0AA7377E40 ft=1 fh=e18e48c2708385fe vn="Variante von Win32/Adware.MultiPlug.JM Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{b6db3b62-d659-24fe-b6db-b3b62d65ed8b}\priceless_p_soft_partner.exe.vir"
sh=B05F70FA222B67E1B2798F73D6210AE8117A769A ft=1 fh=79b82a07282ea80b vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{edde8b41-5cc6-3f4c-edde-e8b415cc2d05}\hqghumeaylnlf.exe.vir"
sh=C6FCCFA41DC29E9AC6DAD6456CC140C9CB10C22F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\5sd3ty35.default\Extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\91.js.vir"
sh=32BE00C9B8BD83BF621E433EC87DE21B08F82098 ft=1 fh=a4fbdca8e8e73dc7 vn="Variante von Win32/PriceGong.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Local\SmartWeb\__u.exe.vir"
sh=988E557E6896F2607B38DE46886057F285BF1904 ft=1 fh=3177e4ef6375e796 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Local\Temp\OCS\ocs_v6y.exe.vir"
sh=FA3ADFE493FA176BA7DA998DA8E3419790C46F40 ft=1 fh=74df84cff1d5e02d vn="Variante von Win32/SweetIM.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\38a9a2bd481c318de68b1ad291d5302f\swe-et-imBundle.exe.vir"
sh=64476405CACAE4EB740BE50CBB1BDDD87F013DE2 ft=1 fh=bc7cdfefa7880706 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Local\Temp\OCS\Downloads\db6c8e043b5806271c5ea5ad27b5c968\c4d410f80408ec7b7223bdca2c6ead32\speedupmypc.exe.vir"
sh=29955938651846BF946B19AD0260BA1B309D8D02 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Local\UnicoBrowser\User Data\Default\Extensions\gkiclangaememfkbdlbjlfnfmohdijjk\1.26.17_0\extensionData\plugins\91.js.vir"
sh=6906D99BB82671908F28D154177E368407AC7BFC ft=1 fh=4e6717361167860b vn="Variante von Win32/Adware.ConvertAd.LA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\nszF974.tmpfs.vir"
sh=0E83C4A5F4EB9036EE67A24A4AA0F334AE4DAB77 ft=1 fh=7f51f3183161f00d vn="Variante von Win32/Adware.ConvertAd.KZ.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\B63BBC13-1430446553-A127-DB63-31137A137A6C\vnsj997F.tmp.vir"
sh=C6FCCFA41DC29E9AC6DAD6456CC140C9CB10C22F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\91.js.vir"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\OpenCandy\A0776E21EBF145E99F27F4C0F1E51383\sp-downloader.exe.vir"
sh=29E42A61A6BE387A24C035693D509D873C02D916 ft=1 fh=b326822ef8b4edbf vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\OpenCandy\BB3F104C190B4FE5B71EE5C5FFCACB5A\speedupmypcDE.exe.vir"
sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\OpenCandy\DA5D43E518DD4ECEAC5E7F19E933BB66\SSStub_SearchProtect_p1v0.exe.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\SupTab\SupTab.dll.vir"
sh=CCDFEE87B0A44C2DC94247FD64A46633479966E2 ft=1 fh=8ea0c674691f6066 vn="Win32/VOPackage.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Torsten\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=F5107D4315C28F6E6A0F94CAD8414D0EE4B1B1E5 ft=1 fh=36723e1fa1633655 vn="Variante von Win32/Amonetize.BQ evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\c\ProgramData\loz\F5BF792C29F14D83967D0206E43887B3\setup.exe"
sh=0EC30DF742984EA79C49703698D5777B1BCC6F42 ft=1 fh=e77459d120c26c8f vn="Variante von Win32/TrojanDownloader.Adcurl.A Trojaner" ac=I fn="C:\FRST\Quarantine\c\windows\loz.exe.xBAD"
sh=EF9EFF63DC9DFAA7F9E7243546073A844D351377 ft=1 fh=ea123f4d307c0964 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Torsten\Downloads\MediathekView - CHIP-Installer.exe"
sh=00FB3A042A180888F00D8A3DED3F968D62C66FF7 ft=1 fh=c0474d427642ff8f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Torsten\Downloads\Paint NET - CHIP-Installer.exe"
sh=12B073E0671CF59D1F0ABCC4DA06ED03D773BB7D ft=1 fh=07d34c3bda920e56 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Torsten\Downloads\PowerPoint Viewer - CHIP-Installer(1).exe"
sh=5A16742B125B1B57E68F5E6DFCC57F14C93C2172 ft=1 fh=09b27f6a94e462e1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Torsten\Downloads\ProxTube Firefox.exe"
sh=45FCE453799F5C9325959AC55FFD442A714AD0DC ft=1 fh=9ec8e296cce51c5e vn="Win32/StartPage.OPH Trojaner" ac=I fn="C:\Users\Torsten\Downloads\vlc-2.0.3-win32.exe"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Torsten_AppData_Roaming_m05cG0IkR3XvF8.vir"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Torsten_AppData_Roaming_OoANG5Rb7VhFysX0ilN9XzYh.vir"
sh=1006F68BBDD4CDA69C8D0E6A066A52A354456340 ft=1 fh=370122eec8520dbe vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Datensicherung\Video\xxx\Downloads\vlc_1.0.5_win32.exe"
sh=1006F68BBDD4CDA69C8D0E6A066A52A354456340 ft=1 fh=370122eec8520dbe vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Filme\Video\xxx\Downloads\vlc_1.0.5_win32.exe"
         
Der hat nochmal 138 Bedrohungen gefunden. Hatte eigentlich gehofft, schon fast sauber zu sein ...

Und letztlich der FRST-log

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Torsten (administrator) on TORSTEN-HP on 03-05-2015 16:52:39
Running from C:\Users\Torsten\Desktop
Loaded Profiles: Torsten (Available profiles: Torsten & Teaching)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Ocs_SM] => C:\Users\Torsten\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\Run: [Facebook Update] => C:\Users\Torsten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-20] (Facebook Inc.)
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\...\MountPoints2: {5a8c3d5d-97bd-11e3-8c6c-74de2bacd106} - G:\LaunchU3.exe -a
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Torsten\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3863440553-3622452381-3390168598-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-25] (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3863440553-3622452381-3390168598-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\duckduckgo.xml [2013-06-26]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-images.xml [2014-12-13]
FF SearchPlugin: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\searchplugins\google-maps.xml [2014-12-13]
FF Extension: Myanmar Converter - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\myanmar-converter@thanlwinsoft.org [2013-12-10]
FF Extension: EPUBReader - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-18]
FF Extension: ProxTube - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12]
FF Extension: DuckDuckGo Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-06-26]
FF Extension: Test Pilot - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-06-20]
FF Extension: Adblock Plus - C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-17]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-25]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3863440553-3622452381-3390168598-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 12:04 - 2015-05-03 12:04 - 02347384 _____ (ESET) C:\Users\Torsten\Desktop\esetsmartinstaller_deu.exe
2015-05-02 21:03 - 2015-05-02 21:03 - 00000000 ____D () C:\Users\Torsten\AppData\Local\PDFC
2015-05-02 20:47 - 2015-05-02 19:19 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-02 19:31 - 2015-05-02 21:02 - 00018660 _____ () C:\zoek-results.log
2015-05-02 19:19 - 2015-05-02 20:59 - 00000000 ____D () C:\zoek_backup
2015-05-02 19:10 - 2015-05-02 19:10 - 01305600 _____ () C:\Users\Torsten\Desktop\zoek.exe
2015-05-02 17:12 - 2015-05-02 17:12 - 02785665 _____ (PortableApps.com) C:\Users\Torsten\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-05-02 16:06 - 2015-05-03 16:18 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 16:06 - 2015-05-02 16:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 16:02 - 2015-05-02 16:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Teaching\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-02 15:50 - 2015-05-02 15:50 - 02204160 _____ () C:\Users\Teaching\Desktop\adwcleaner_4.203.exe
2015-05-02 15:36 - 2015-05-02 16:24 - 00000000 ____D () C:\Users\Teaching\Desktop\RevoUninstallerPortable
2015-05-02 15:34 - 2015-05-02 15:34 - 02785665 _____ (PortableApps.com) C:\Users\Teaching\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-05-01 13:17 - 2015-05-03 16:52 - 00020738 _____ () C:\Users\Torsten\Desktop\FRST.txt
2015-05-01 13:08 - 2015-05-02 21:07 - 00042828 _____ () C:\Users\Torsten\Desktop\Addition.txt
2015-05-01 13:05 - 2015-05-03 16:52 - 00000000 ____D () C:\FRST
2015-05-01 13:05 - 2015-05-01 13:05 - 00002256 _____ () C:\Users\Torsten\Desktop\Hotmail.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002252 _____ () C:\Users\Torsten\Desktop\Amazon.lnk
2015-05-01 13:04 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Desktop\FRST64.exe
2015-05-01 13:03 - 2015-05-01 13:03 - 02101248 _____ (Farbar) C:\Users\Torsten\Downloads\FRST64.exe
2015-05-01 04:42 - 2015-05-01 04:42 - 00000000 ____D () C:\ProgramData\c3b54530000537e
2015-05-01 04:28 - 2015-05-01 04:28 - 00000815 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-05-01 04:13 - 2015-05-01 04:13 - 00003166 _____ () C:\Windows\System32\Tasks\{197C4A28-5810-4C42-944B-909B35B74110}
2015-04-30 18:43 - 2015-04-30 18:43 - 14400913 _____ () C:\Users\Torsten\Downloads\video-1430406369.mp4.mp4
2015-04-25 15:53 - 2015-04-25 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 23:10 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 23:10 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 23:10 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 23:10 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 23:10 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 23:10 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 23:10 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 23:10 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 23:10 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 23:10 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:10 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 23:09 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 23:09 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 23:09 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 23:09 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 23:09 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 23:09 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 23:09 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 23:09 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 23:09 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:09 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 23:09 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:09 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:09 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 23:09 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:09 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 23:09 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 23:09 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 23:09 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 23:09 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 23:09 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 23:09 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 23:09 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 23:09 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 23:08 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:08 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 23:08 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 23:17 - 2015-04-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 16:15 - 2014-09-20 18:44 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job
2015-05-03 15:27 - 2012-05-07 17:13 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{307F94D9-B34C-4617-AD2B-73B8502BE40E}
2015-05-03 15:23 - 2011-11-09 15:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-03 15:23 - 2011-11-09 14:37 - 01883871 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 13:12 - 2014-12-10 17:29 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForTorsten.job
2015-05-03 13:11 - 2014-12-10 17:29 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTorsten
2015-05-03 12:07 - 2011-05-09 22:12 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 12:07 - 2011-05-09 22:12 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 12:07 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 12:07 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:07 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:00 - 2012-05-07 17:31 - 00000000 ___RD () C:\Users\Torsten\Dropbox
2015-05-03 12:00 - 2012-05-07 17:24 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Dropbox
2015-05-03 12:00 - 2011-05-09 12:38 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-03 11:58 - 2012-09-17 15:51 - 00056214 _____ () C:\Windows\setupact.log
2015-05-03 11:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 11:57 - 2014-09-20 18:44 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job
2015-05-03 11:46 - 2012-05-07 17:14 - 00000000 ____D () C:\Users\Torsten\Documents\Bluetooth Folder
2015-05-02 20:59 - 2014-05-13 12:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-02 20:59 - 2012-10-14 09:48 - 00287062 _____ () C:\Windows\PFRO.log
2015-05-02 20:58 - 2012-05-12 00:53 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\SoftGrid Client
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-02 20:16 - 2012-06-18 15:15 - 00000000 ____D () C:\Users\Torsten\AppData\Local\CrashDumps
2015-05-02 18:04 - 2014-08-24 22:14 - 00000000 ____D () C:\Users\Teaching\Documents\Bluetooth Folder
2015-05-02 17:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2015-05-02 17:02 - 2014-08-24 22:17 - 00000000 ___RD () C:\Teaching
2015-05-02 15:56 - 2014-05-13 13:44 - 00000000 ____D () C:\AdwCleaner
2015-05-02 15:56 - 2013-10-13 19:46 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-02 15:56 - 2012-05-07 17:13 - 00001186 _____ () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-02 15:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-02 15:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-02 15:55 - 2012-05-07 16:14 - 00000000 ____D () C:\Users\Torsten
2015-05-02 15:27 - 2014-08-24 22:14 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FFD84C7-6732-4C5B-A72B-D723AB6E6469}
2015-05-02 15:23 - 2014-08-24 22:14 - 00001595 _____ () C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 12:50 - 2012-09-20 11:21 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\vlc
2015-05-01 12:41 - 2012-05-09 14:41 - 00000000 ____D () C:\Users\Torsten\Desktop\Mathe
2015-05-01 12:40 - 2012-05-12 01:05 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Winamp
2015-04-29 13:11 - 2012-05-09 17:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-29 09:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-29 09:06 - 2012-05-07 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-27 22:43 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Torsten\MediathekView
2015-04-27 22:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-24 00:28 - 2012-05-07 17:29 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-20 11:45 - 2012-05-07 17:12 - 00058016 _____ () C:\Users\Torsten\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 23:34 - 2015-02-01 14:10 - 00000000 ____D () C:\Users\Torsten\.mediathek3
2015-04-15 08:58 - 2012-05-07 18:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:58 - 2012-05-07 18:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:01 - 2014-12-11 10:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:01 - 2014-05-07 11:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:07 - 2012-05-12 00:52 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 07:04 - 2013-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 06:57 - 2012-05-13 23:46 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 04:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-02-12 05:02 - 2015-02-12 05:02 - 0000337 _____ () C:\Users\Torsten\AppData\Local\Perfmon.PerfmonCfg
2015-05-02 15:08 - 2015-05-02 15:09 - 0000804 _____ () C:\Users\Torsten\AppData\Local\Temp-log.txt
2014-06-10 23:54 - 2014-06-10 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu19qei.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-29 09:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Grüße Torsten

Alt 03.05.2015, 16:12   #22
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Daumen hoch

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Zitat:
Zitat von TSOW Beitrag anzeigen
Hatte eigentlich gehofft, schon fast sauber zu sein
Der PC ist sauber.
Schau doch mal wo ESET das Zeug findet. Alles schon in Quarantäne. Die wird dann mit DelFix gelöscht.


Adobe Flash Player 12 ActiveX den mal updaten. (Dazu die Adobeseite mit dem Internet Explorer aufrufen und die neue Version downloaden.)

Finger weg vom Chip-Installer. Den Rest der von ESET im Download-Verzeichnis gefunden hat, einfach löschen.

>>clean<<
Wir haben es geschafft!
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.




Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.



Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.

Meine Kauf-Empfehlung:


ESET Smart Security

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.05.2015, 17:09   #23
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Vielen Dank für deine Hilfe. In meinem Zweitaccount habe ich noch www-searching.com als IE Startseite. Ansonsten läuft jetzt wieder alles wie es soll.

Über ein neues Antivirenprogramm werde ich mir dringend Gedanken machen müssen. Auch hier danke für deine Empfehlung. Auch der Hinweis bzgl. Chip war wichtig, denen habe ich bisher immer vertraut

Nochmals vielen Dank.

Grüße Torsten

Alt 03.05.2015, 17:15   #24
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Gerne. Machs gut.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.05.2015, 18:59   #25
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Ich habe gerade versucht, auch bei meinem zweiten Benutzerprofil die Startseite vom IE sowie Firefox zu korrigieren. Dennoch startet er noch immer mit www-searching.com, ohne dass dieses als Startseite eingetragen wäre. In meinem Hauptaccount ist dieses nocht der Fall.

Grüße Torsten

Alt 03.05.2015, 19:01   #26
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Poste mal ein FRST von dem Konto bitte.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.05.2015, 19:10   #27
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Hier der FRST-Log

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Teaching (ATTENTION: The logged in user is not administrator) on TORSTEN-HP on 03-05-2015 20:07:59
Running from C:\Users\Teaching\Desktop
Loaded Profiles: Torsten & Teaching (Available profiles: Torsten & Teaching)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> winlogon.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AERTSr64.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> Ath_CoexAgent.exe
Failed to access process -> AdminService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> SkypeC2CAutoUpdateSvc.exe
Failed to access process -> SkypeC2CPNRSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> HPWMISVC.exe
Failed to access process -> RIconMan.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbamservice.exe
Failed to access process -> pdfsvc.exe
Failed to access process -> sftvsa.exe
Failed to access process -> svchost.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> sftlist.exe
Failed to access process -> taskhost.exe
Failed to access process -> mbam.exe
Failed to access process -> dwm.exe
Failed to access process -> RtkNGUI64.exe
Failed to access process -> SynTPEnh.exe
Failed to access process -> BtvStack.exe
Failed to access process -> AthBtTray.exe
Failed to access process -> msseces.exe
Failed to access process -> igfxtray.exe
Failed to access process -> hkcmd.exe
Failed to access process -> igfxpers.exe
Failed to access process -> ScanToPCActivationApp.exe
Failed to access process -> Dropbox.exe
Failed to access process -> IAStorIcon.exe
Failed to access process -> winampa.exe
Failed to access process -> taskeng.exe
Failed to access process -> HPMSGSVC.exe
Failed to access process -> CVHSVC.EXE
Failed to access process -> YCMMirage.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> HPOSD.exe
Failed to access process -> AdobeARM.exe
Failed to access process -> hpwuschd2.exe
Failed to access process -> SynTPHelper.exe
Failed to access process -> HPNetworkCommunicator.exe
Failed to access process -> hpqWmiEx.exe
Failed to access process -> HPWA_Main.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> HPWA_Service.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> LMS.exe
Failed to access process -> NASvc.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> UNS.exe
Failed to access process -> NisSrv.exe
Failed to access process -> explorer.exe
Failed to access process -> CVH.EXE
Failed to access process -> OFFICEVIRT.EXE
Failed to access process -> OSPPSVC.EXE
Failed to access process -> firefox.exe
Failed to access process -> dfrgui.exe
Failed to access process -> svchost.exe
Failed to access process -> notepad.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
Failed to access process -> hmpalert.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Ocs_SM] => C:\Users\Torsten\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
URLSearchHook: [S-1-5-21-3863440553-3622452381-3390168598-1000] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\zrqgxxmx.default-1430674021451
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-25] (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-25]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 20:07 - 2015-05-03 20:08 - 00019210 _____ () C:\Users\Teaching\Desktop\FRST.txt
2015-05-03 20:07 - 2015-05-03 20:08 - 00000000 ____D () C:\FRST
2015-05-03 20:07 - 2015-05-03 20:07 - 02101248 _____ (Farbar) C:\Users\Teaching\Desktop\FRST64.exe
2015-05-03 19:27 - 2015-05-03 19:27 - 00000000 ____D () C:\Users\Teaching\Desktop\Alte Firefox-Daten
2015-05-03 17:27 - 2015-05-03 17:27 - 00000000 ____D () C:\Users\Teaching\AppData\Local\VirtualStore
2015-05-03 17:25 - 2015-05-03 17:31 - 00000612 _____ () C:\DelFix.txt
2015-05-03 17:14 - 2015-05-03 17:14 - 00000000 ____D () C:\Users\Teaching\AppData\Roaming\hpqlog
2015-05-03 17:12 - 2015-05-03 17:12 - 00000000 ____D () C:\Users\Teaching\AppData\Local\PDFC
2015-05-02 20:47 - 2015-05-02 19:19 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-02 16:06 - 2015-05-03 17:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-01 04:42 - 2015-05-01 04:42 - 00000000 ____D () C:\ProgramData\c3b54530000537e
2015-05-01 04:28 - 2015-05-01 04:28 - 00000815 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-04-25 15:53 - 2015-04-25 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 23:10 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 23:10 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 23:10 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 23:10 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 23:10 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 23:10 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 23:10 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 23:10 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 23:10 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 23:10 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:10 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 23:09 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 23:09 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 23:09 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 23:09 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 23:09 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 23:09 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 23:09 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 23:09 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 23:09 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:09 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 23:09 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:09 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:09 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 23:09 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:09 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 23:09 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 23:09 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 23:09 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 23:09 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 23:09 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 23:09 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 23:09 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 23:09 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 23:08 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:08 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 23:08 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 23:17 - 2015-04-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 20:05 - 2014-11-04 16:08 - 00000000 ____D () C:\Users\Teaching\AppData\Local\CrashDumps
2015-05-03 20:05 - 2014-08-24 22:14 - 00000000 ____D () C:\Users\Teaching\Documents\Bluetooth Folder
2015-05-03 20:05 - 2011-11-09 15:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-03 19:15 - 2014-09-20 18:44 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job
2015-05-03 19:13 - 2011-11-09 14:37 - 01889321 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 19:12 - 2011-05-09 12:38 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-03 17:43 - 2014-12-13 11:40 - 00000000 ____D () C:\Program Files\paint.net
2015-05-03 17:26 - 2014-05-13 14:02 - 00000000 ____D () C:\Windows\ERUNT
2015-05-03 17:13 - 2014-08-24 22:17 - 00000000 ___RD () C:\Teaching
2015-05-03 13:12 - 2014-12-10 17:29 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForTorsten.job
2015-05-03 12:07 - 2011-05-09 22:12 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 12:07 - 2011-05-09 22:12 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 12:07 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 12:07 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:07 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:00 - 2012-05-07 17:31 - 00000000 ___RD () C:\Users\Torsten\Dropbox
2015-05-03 12:00 - 2012-05-07 17:24 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Dropbox
2015-05-03 11:58 - 2012-09-17 15:51 - 00056214 _____ () C:\Windows\setupact.log
2015-05-03 11:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 11:57 - 2014-09-20 18:44 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job
2015-05-02 20:59 - 2014-05-13 12:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-02 20:59 - 2012-10-14 09:48 - 00287062 _____ () C:\Windows\PFRO.log
2015-05-02 20:58 - 2012-05-12 00:53 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\SoftGrid Client
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-02 17:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2015-05-02 15:56 - 2013-10-13 19:46 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-02 15:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-02 15:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-02 15:55 - 2012-05-07 16:14 - 00000000 ____D () C:\Users\Torsten
2015-05-02 15:23 - 2014-08-24 22:14 - 00001595 _____ () C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 12:50 - 2012-09-20 11:21 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\vlc
2015-05-01 12:40 - 2012-05-12 01:05 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Winamp
2015-04-29 13:11 - 2012-05-09 17:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-29 09:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-29 09:06 - 2012-05-07 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-27 22:43 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Torsten\MediathekView
2015-04-27 22:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 23:34 - 2015-02-01 14:10 - 00000000 ____D () C:\Users\Torsten\.mediathek3
2015-04-15 08:58 - 2012-05-07 18:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:58 - 2012-05-07 18:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:01 - 2014-12-11 10:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:01 - 2014-05-07 11:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:07 - 2012-05-12 00:52 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 07:04 - 2013-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 06:57 - 2012-05-13 23:46 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 04:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-06-10 23:54 - 2014-06-10 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu19qei.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Auch noch die Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Teaching at 2015-05-03 20:08:37
Running from C:\Users\Teaching\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3863440553-3622452381-3390168598-500 - Administrator - Disabled)
Gast (S-1-5-21-3863440553-3622452381-3390168598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3863440553-3622452381-3390168598-1002 - Limited - Enabled)
Teaching (S-1-5-21-3863440553-3622452381-3390168598-1003 - Limited - Enabled) => C:\Users\Teaching
Torsten (S-1-5-21-3863440553-3622452381-3390168598-1000 - Administrator - Enabled) => C:\Users\Torsten

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.60 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Video Call Recorder for Skype version 1.2.12.319 (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.12.319 - DVDVideoSoft Ltd.)
GeoGebra 5 (HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\...\GeoGebra 5) (Version: 5.0.9.0 - International GeoGebra Institute)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF6EB833-D48A-49AC-9394-4C57489FDFF2}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}) (Version: 4.0.10.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Infonaut 1.10.0.13 (HKLM-x32\...\Infonaut_1.10.0.13) (Version: 1.10.0.13 - Infonaut)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 12 (HKLM-x32\...\{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}) (Version: 12.0.02900 - Nero AG)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Sekundo 7 (HKLM-x32\...\com.schroedel.sekundo7v2.5E8736CC72780A3AB44A7F466B5597F22FEA1697.1) (Version: 1.2 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterwe)
Sekundo 7 (x32 Version: 1.2 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterwe) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VideoDownloadConverter Internet Explorer Toolbar (HKLM-x32\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18B4D3F7-F114-4B19-8CD1-9B33971E99EA} - No Task path could be read. Access denied. 
Task: {3041A8A1-104C-442F-B7B1-0F3B4E7F5500} - \HPCeeScheduleForTorsten No Task File <==== ATTENTION
Task: {390D7972-588B-43C8-BF15-B5CF1FC21BA8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {394398CC-0A7D-4E67-B95C-9D36BB9DD712} - \{197C4A28-5810-4C42-944B-909B35B74110} No Task File <==== ATTENTION
Task: {43154D13-8B2B-45FA-80EB-50E27A6749B1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {4FBBEBFD-52FC-461C-B22D-8463C952994E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
Task: {5BF0472F-8E6B-41B2-96C3-998765F1553A} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start No Task File <==== ATTENTION
Task: {6C263D44-29A5-4529-85FB-EE4235AB65DF} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {70A939AB-2227-4C52-A998-B74A071E189D} - \{D7F12247-CCE6-4714-BFFF-4DA6AA154FBC} No Task File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
Task: {749BCA98-2C64-4229-B18A-01D066B63CA4} - \SMWUpd No Task File <==== ATTENTION
Task: {77B5C3B0-F132-4940-8262-A1BD109FF6C5} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis No Task File <==== ATTENTION
Task: {7BF78F2C-4C54-4C40-B2B5-0DAE4768055B} - \Registration No Task File <==== ATTENTION
Task: {7C689A37-BC41-4BE5-A703-FE5F92FA570C} - \Hewlett-Packard\HP Support Assistant\Update Check No Task File <==== ATTENTION
Task: {7FF48E03-2FDE-4E1C-84DB-41A102BDFF71} - \User_Feed_Synchronization-{307F94D9-B34C-4617-AD2B-73B8502BE40E} No Task File <==== ATTENTION
Task: {8D6BDBC5-0C61-4EA5-A583-3EAE678C9D15} - \FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA No Task File <==== ATTENTION
Task: {99519131-5F47-45E5-A633-B2135C9A1DCF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {9E4E21BC-C13D-4147-8CA8-2514CF1A1D73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
Task: {AF08274A-E482-4A99-BC6D-84DE69F5EA5A} - \FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core No Task File <==== ATTENTION
Task: {B7C32D6C-EAF9-4F89-8B1B-864D02A7FF5F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
Task: {E428C5C2-34BB-4985-80AF-4B179685AA40} - \{C1FE1179-651F-4AF3-8B05-B335AEA97FAA} No Task File <==== ATTENTION
Task: {FBEAE3A3-79F2-4962-B53D-3EA8A7E8A5B8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-09] (CyberLink)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job => 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job => 
Task: C:\Windows\Tasks\HPCeeScheduleForTorsten.job => 

==================== Loaded Modules (whitelisted) ==============

2010-12-17 02:37 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{2BB1D4D1-55B0-4416-B116-F832F593D3E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{51812DAD-2915-4EC4-82B6-08C5D554B248}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6CC50EF5-0581-4680-988A-68D51095167E}] => (Allow) LPort=2869
FirewallRules: [{C2887135-D2B6-4212-B536-E91D30E1F702}] => (Allow) LPort=1900
FirewallRules: [{2912670C-CFF8-44B6-A02C-D795F5D36C53}] => (Allow) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A799F554-693A-4E68-9B81-42609897CA2A}] => (Allow) C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DF59E101-9E02-4DE0-9C30-2E72E06A7594}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5314B784-4681-469E-B8E0-C0BD284AED34}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{CBE54819-6286-4588-AB2F-C7D809075CBE}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{DC4C9796-394E-4B81-B785-C7381AD97E2A}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{FEE3E038-A515-4161-9E85-9280CE629814}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{1671DE36-1133-4C1B-9FD8-EAAAB54FF95A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B59F61-D01C-4487-A9B4-E6CDE94A7235}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3932796-8464-49F2-801D-063919797649}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0EAB560-D0A7-4039-836D-A4440C92BDDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7240D466-F1AD-4CCC-9E48-06A794D4AFCE}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{B8611E65-64E3-4E78-9B8C-1B6D82FE53D9}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3B2F5EBE-BD27-40C4-B222-E0C3BDC0EEFF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A98B68D9-C0DA-4B3D-8718-7EA65E5B9E70}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{A7B9AECC-5398-4C9A-8A03-0D209547ECCF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{AC56B0F3-2A0C-4222-A67B-A9F27B2B4E1B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{CCEA5EC5-0854-4F03-9537-7389970F0114}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{E6533106-96C1-4B41-8DFA-3FED95E0E80B}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{AC6E76F7-69C0-4B68-96A3-0DA0A478F71E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{6FD04E96-6AD7-4C1C-ABF0-27BECA6C0B7B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{7C1B2101-2A97-4031-AEE1-7AB575740EA2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{C7C68200-E02D-40C0-AF3A-4ED2D371156D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{50FA55DE-0E62-44E1-8C36-81B35F8F14CA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{331C1E2B-2272-4D23-A85E-AF45CE035D95}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{404C9FF9-7D79-4664-8961-FEFE78859CF9}] => (Allow) C:\Users\Torsten\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{0EAD8562-B7B5-46A8-B9D4-209240FCCAEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1AD6C967-D061-41FF-84D6-3E3A39F0A7E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{685FA4AC-BD69-400E-BCCC-A49893E59E20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EFA5FA39-CB19-4B74-B259-749180A3BBC0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FDD435F1-9CD4-40F0-B67A-36BF31B34E48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C797EBC3-D024-4CE3-AE3E-B2AF67D36D61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{29967E53-FFF5-48FC-88E7-26AA720A951A}C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{30E5E72C-2FF5-4E7E-8E23-45626039FD05}C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\torsten\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{311FED86-55A0-4E04-B1F3-9647C62BD476}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{77D052A2-48F5-45C2-A9BE-3B429324C2BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C06F4FA4-543A-44FF-82F5-90A505FB7F15}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{EF2C9823-2F39-4568-A530-922CC1C5E913}] => (Allow) C:\Users\Torsten\AppData\Local\UnicoBrowser\Application\unicobrowser.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 08:05:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000002a84e
ID des fehlerhaften Prozesses: 0x11e0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/03/2015 07:57:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17728 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2f24

Startzeit: 01d085ca5aad93b0

Endzeit: 100

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: bcde9fd2-f1bd-11e4-9da5-74de2bacd106

Error: (05/03/2015 07:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17728 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a68

Startzeit: 01d085ca359b49ba

Endzeit: 15

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 8976c65b-f1bd-11e4-9da5-74de2bacd106

Error: (05/03/2015 07:54:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17728 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2a78

Startzeit: 01d085ca0f613767

Endzeit: 162

Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Berichts-ID: 59001931-f1bd-11e4-9da5-74de2bacd106

Error: (05/03/2015 07:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hmpalert.exe, Version: 2.6.5.77, Zeitstempel: 0x53444dec
Name des fehlerhaften Moduls: hmpalert.exe, Version: 2.6.5.77, Zeitstempel: 0x53444dec
Ausnahmecode: 0xc0000417
Fehleroffset: 0x00034a44
ID des fehlerhaften Prozesses: 0x17d0
Startzeit der fehlerhaften Anwendung: 0xhmpalert.exe0
Pfad der fehlerhaften Anwendung: hmpalert.exe1
Pfad des fehlerhaften Moduls: hmpalert.exe2
Berichtskennung: hmpalert.exe3

Error: (05/03/2015 05:26:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hmpalert.exe, Version: 2.6.5.77, Zeitstempel: 0x53444dec
Name des fehlerhaften Moduls: hmpalert.exe, Version: 2.6.5.77, Zeitstempel: 0x53444dec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000322c8
ID des fehlerhaften Prozesses: 0x4d4
Startzeit der fehlerhaften Anwendung: 0xhmpalert.exe0
Pfad der fehlerhaften Anwendung: hmpalert.exe1
Pfad des fehlerhaften Moduls: hmpalert.exe2
Berichtskennung: hmpalert.exe3

Error: (05/03/2015 04:45:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 00:05:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 00:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/03/2015 00:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (05/03/2015 07:27:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HitmanPro.Alert Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/03/2015 07:14:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/03/2015 05:26:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HitmanPro.Alert Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/03/2015 00:00:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/03/2015 11:58:08 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.1237.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.7.0205.00

	Quellpfad: 4.7.0205.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/03/2015 11:57:52 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/03/2015 11:57:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/03/2015 11:57:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/03/2015 11:57:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/03/2015 11:57:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (05/03/2015 08:05:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84e11e001d085ba233ee485C:\Windows\Explorer.EXEC:\Windows\system32\msvcrt.dllefbe206c-f1be-11e4-9da5-74de2bacd106

Error: (05/03/2015 07:57:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.177282f2401d085ca5aad93b0100C:\Program Files\Internet Explorer\iexplore.exebcde9fd2-f1bd-11e4-9da5-74de2bacd106

Error: (05/03/2015 07:55:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.177281a6801d085ca359b49ba15C:\Program Files\Internet Explorer\iexplore.exe8976c65b-f1bd-11e4-9da5-74de2bacd106

Error: (05/03/2015 07:54:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.177282a7801d085ca0f613767162C:\Program Files\Internet Explorer\IEXPLORE.EXE59001931-f1bd-11e4-9da5-74de2bacd106

Error: (05/03/2015 07:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hmpalert.exe2.6.5.7753444dechmpalert.exe2.6.5.7753444decc000041700034a4417d001d085b579d02559C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exeC:\Program Files (x86)\HitmanPro.Alert\hmpalert.exeb195d61d-f1b9-11e4-9da5-74de2bacd106

Error: (05/03/2015 05:26:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hmpalert.exe2.6.5.7753444dechmpalert.exe2.6.5.7753444decc0000005000322c84d401d08587c232cbe3C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exeC:\Program Files (x86)\HitmanPro.Alert\hmpalert.exeb62aacd3-f1a8-11e4-9da5-74de2bacd106

Error: (05/03/2015 04:45:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/03/2015 00:05:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Torsten\Desktop\esetsmartinstaller_deu.exe

Error: (05/03/2015 00:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Torsten\Desktop\esetsmartinstaller_deu.exe

Error: (05/03/2015 00:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Torsten\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-05-03 19:43:15.365
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 19:12:40.312
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 18:30:01.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 18:04:58.776
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 17:48:31.153
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 17:41:02.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 17:30:55.667
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 17:24:08.180
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 17:00:43.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-03 16:52:21.023
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 39%
Total physical RAM: 8043.86 MB
Available physical RAM: 4835.07 MB
Total Pagefile: 16085.91 MB
Available Pagefile: 12508.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.59 GB) (Free:178.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.87 GB) (Free:1.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive g: (Local Disk) (Fixed) (Total:465.76 GB) (Free:203.24 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

Alt 03.05.2015, 19:13   #28
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Code:
ATTFilter
Ran by Teaching (ATTENTION: The logged in user is not administrator)
         
Unsere Tools brauchen Admin-Rechte.
Also bei Deinem zweiten Profil startet Firefox mit der anderen Seite? Oder öffnet sich eine zweite Seite?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.05.2015, 20:13   #29
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Die Browser starten so, als wäre www-searching.com als Startseite festgelegt. Daher hatte ich ja geglaubt, dass ich durch einfache Korrektur der Startseite das Problem lösen könnte. Jedoch istwww-searching.com in den Einstellungen garnicht als Startseite eingetragen.

Alt 03.05.2015, 20:21   #30
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Zitat:
Zitat von TSOW Beitrag anzeigen
Jedoch istwww-searching.com in den Einstellungen garnicht als Startseite eingetragen.
Das heißt ja nichts.

Schritt 1
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :filefind
    *searching*
    
    :regfind
    searching
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Antwort

Themen zu mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?
administrator, adobe, bonjour, cherimoya.sys, defender, dll, downloader, explorer, home, homepage, iexplore.exe, launch, mozilla, newtab, officejet, pdf, priceless, realtek, registry, reimage repair, rundll, schließen, security, services.exe, software, svchost.exe, temp, windows, winlogon.exe, wlan, ytdownloader, öffnet




Ähnliche Themen: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?


  1. Würde gerne diesen Mist wieder vom System haben
    Plagegeister aller Art und deren Bekämpfung - 14.05.2016 (20)
  2. Reimage Repair
    Plagegeister aller Art und deren Bekämpfung - 16.09.2015 (14)
  3. Windows 7 / Google Chrome: Browserlinks führen auf reimage repair Webseite
    Log-Analyse und Auswertung - 13.08.2015 (13)
  4. Win 7 Pro 64bit - Probleme beim Entfernen von Reimage Repair.
    Log-Analyse und Auswertung - 03.08.2015 (3)
  5. Reimage Repair/Spy Hunter - deinstallieren!
    Log-Analyse und Auswertung - 13.06.2015 (15)
  6. Reimage Repair - Ja oder lieber nicht?
    Antiviren-, Firewall- und andere Schutzprogramme - 11.04.2015 (10)
  7. Reimage Repair entfernen
    Anleitungen, FAQs & Links - 04.03.2015 (2)
  8. Webssearches.com wieder da - oder hab ich es gar nicht richtig entfernt?
    Log-Analyse und Auswertung - 05.07.2014 (24)
  9. Trojaner qv06 wie werd ich den wieder los ?
    Log-Analyse und Auswertung - 29.08.2013 (16)
  10. Ihren Fahrkartenkauf_TM6ACN - "Bahn Trojaner" geöffnet - Mist! Infiziert? Und wie werd ich ihn wieder los?
    Log-Analyse und Auswertung - 19.05.2013 (7)
  11. InCrediBar - wie werd ich das Ding wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (27)
  12. EXP/CVE-2012-1723.BU Wie werd ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (1)
  13. Wie werd ich den wieder los?
    Mülltonne - 21.12.2008 (2)
  14. Brave-Sentry: Wie werd ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 21.11.2007 (1)
  15. wie werd ich rsvp32_2.dll wieder los?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2007 (2)
  16. Wie werd ich die denn wieder los?
    Log-Analyse und Auswertung - 25.05.2006 (2)
  17. Schon wieder Mist auf der Festplatte :(
    Log-Analyse und Auswertung - 15.05.2005 (12)

Zum Thema mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Hi, Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere - mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?...
Archiv
Du betrachtest: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.