Mozilla Firefox öffnet ständig Werbung und neue Tabs mit Werbung

Celle · 17.07.2015, 11:22

Hallo,
ich habe von einen Freund ein Laptop bekommen da er sich einen neuen geholt hat.
sowie ich den Browser starte kommt als Startseite "istartsurf" obwohl ich als Startseite google eingestellt habe. Wenn ich dann einen neuen Tab öffne lädt die Seite und kurz darauf kommt ein haufen Werbefenster. Unter den Werbefenster steht "ads by name". Wenn ich diese alle schließe lädt die Seite neu und oben im Tab steht "Powered by Name" und die eigentliche Seite ist weg und es erscheint Werbung von Programmen die ich downloaden soll. wenn ich diese schließen will muss ich bestätigen ds ich die seite verlassen will. Ab und zu habe ich dann noch das problem dass Mozilla Firefox im "Hintergrund" nochmal startet und dann mehrmals der browser geöffnet ist.
Da ich relativ wenig bis keine Ahnung von solchen Problemen habe hoffe ich dass mir jemand helfen kann da ich fast am verzweifel bin weil ein normales surfen nicht möglich ist.

schrauber · 17.07.2015, 12:00

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Celle · 17.07.2015, 13:32

#
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Celle (administrator) on HUGO on 17-07-2015 11:32:24
Running from C:\Users\Celle\Downloads
Loaded Profiles: Celle (Available Profiles: Celle & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\Run: [Facebook Update] => C:\Users\Celle\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-21] (Facebook Inc.)
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\MountPoints2: {24610cfe-35bc-11e2-a35c-18f46a0cced3} - F:\AutoRun.exe
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\MountPoints2: {24610d0f-35bc-11e2-a35c-18f46a0cced3} - F:\AutoRun.exe
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\MountPoints2: {76677a88-f0fd-11e0-9bbb-206a8a235b58} - E:\SETUP.EXE
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\MountPoints2: {c571b1fa-2b40-11e2-ab81-206a8a235b58} - F:\Startme.exe
HKU\S-1-5-21-153650677-751186265-679376906-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PACKAR~1.SCR [456224 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
HKU\S-1-5-21-153650677-751186265-679376906-1001\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
HKU\S-1-5-21-153650677-751186265-679376906-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-153650677-751186265-679376906-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-153650677-751186265-679376906-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=026899df00000000000018f46a0cced3&toi=16075&r=683
SearchScopes: HKU\S-1-5-21-153650677-751186265-679376906-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-26&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-153650677-751186265-679376906-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-153650677-751186265-679376906-1001 -> {C9B192AE-D37D-4554-92D0-24DB431F7EC3} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-02-09] (IObit)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-03-18] (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-19] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-19] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-153650677-751186265-679376906-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F2B7D1CB-4101-416C-9E17-CD28B5599666}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FA289FE9-B393-47EC-9529-43F8269CAD40}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Celle\AppData\Roaming\Mozilla\Firefox\Profiles\57ixx9bc.default-1437083685867
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-153650677-751186265-679376906-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Celle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-03-18]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-05-06] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-05-06] <==== ATTENTION

Chrome: 
=======
CHR Profile: C:\Users\Celle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Protection) - C:\Users\Celle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-18]
CHR Extension: (No Name) - C:\Users\Celle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-08-25]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe [282016 2015-06-18] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-16] (Electronic Arts)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SpyHunter 4 Service; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-07] (DT Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-06] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-03] (REALiX(tm))
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20150716.001\IDSvia64.sys [692984 2015-07-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20150716.009\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20150716.009\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 cpuz134; \??\C:\Users\Celle\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 11:32 - 2015-07-17 11:33 - 00023413 _____ C:\Users\Celle\Downloads\FRST.txt
2015-07-17 11:32 - 2015-07-17 11:32 - 00000000 ____D C:\FRST
2015-07-17 11:30 - 2015-07-17 11:31 - 02133504 _____ (Farbar) C:\Users\Celle\Downloads\FRST64.exe
2015-07-16 23:54 - 2015-07-16 23:54 - 00000000 ____D C:\Users\Celle\Desktop\Alte Firefox-Daten
2015-07-16 23:07 - 2015-07-16 23:07 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-16 22:58 - 2015-07-16 22:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2015-07-16 11:19 - 2015-07-16 22:58 - 00002368 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-07-16 10:24 - 2015-07-16 10:24 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-12 21:28 - 2015-07-12 21:28 - 00013172 _____ C:\Users\Celle\Desktop\30. geburtstag.ods
2015-07-09 14:24 - 2015-07-16 10:20 - 00000000 ____D C:\Users\Celle\Desktop\Arbeitsunfall BG
2015-06-26 21:26 - 2015-06-26 21:26 - 00003402 _____ C:\Windows\System32\Tasks\Reimage Reminder
2015-06-26 21:20 - 2015-06-26 21:26 - 00000144 _____ C:\Windows\Reimage.ini
2015-06-26 21:20 - 2015-06-26 21:26 - 00000072 _____ C:\Windows\efix.ini
2015-06-26 21:19 - 2015-06-26 21:19 - 00789080 _____ (eFix®) C:\Users\Celle\Downloads\eFixPro.exe
2015-06-26 20:56 - 2015-06-26 20:56 - 00000000 ____D C:\NPE
2015-06-26 20:53 - 2015-06-26 21:17 - 00000000 ____D C:\Users\Celle\AppData\Local\NPE
2015-06-23 11:05 - 2015-06-23 11:05 - 00000000 ____D C:\Users\Celle\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 11:27 - 2013-07-07 01:08 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 11:24 - 2012-04-15 21:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 11:20 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 11:20 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 11:16 - 2012-02-01 19:15 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D0394304-5AD5-45AC-8682-98C9B105D424}
2015-07-17 11:16 - 2011-10-02 19:28 - 00000000 ____D C:\Users\Celle\AppData\Local\CrashDumps
2015-07-17 11:15 - 2012-04-20 22:13 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001UA.job
2015-07-17 00:28 - 2011-09-30 21:27 - 00000000 ____D C:\Users\Celle\AppData\Roaming\UseNeXT
2015-07-17 00:18 - 2014-12-30 00:39 - 00000000 ____D C:\ProgramData\Ableton
2015-07-17 00:16 - 2011-09-30 21:41 - 00000000 ____D C:\Users\Celle\Desktop\Eigene Musik USENEXT
2015-07-17 00:11 - 2015-02-09 18:19 - 00002896 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Celle
2015-07-16 22:59 - 2013-03-18 20:35 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-16 22:59 - 2013-03-18 20:34 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-16 22:56 - 2015-05-16 14:48 - 00001637 _____ C:\Windows\setupact.log
2015-07-16 22:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 12:07 - 2015-05-16 14:48 - 00064010 _____ C:\Windows\PFRO.log
2015-07-16 11:19 - 2013-03-18 20:35 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-16 11:19 - 2013-03-18 20:35 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-16 11:19 - 2013-03-18 20:35 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-16 11:19 - 2010-09-08 05:06 - 00000000 ____D C:\ProgramData\Norton
2015-07-16 11:16 - 2012-05-04 23:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-16 10:24 - 2012-04-15 21:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 10:24 - 2012-04-15 21:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 10:24 - 2011-09-29 21:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 10:22 - 2013-07-07 01:08 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 10:22 - 2013-07-07 01:08 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 10:22 - 2013-07-07 01:08 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 23:40 - 2011-10-15 01:50 - 00000000 ____D C:\ProgramData\Bagger-Simulator 2011
2015-07-12 21:16 - 2012-04-20 22:13 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001Core.job
2015-07-12 15:10 - 2014-08-26 20:59 - 00000000 ____D C:\ProgramData\ProductData
2015-07-12 15:05 - 2010-11-25 09:29 - 01540131 _____ C:\Windows\WindowsUpdate.log
2015-06-26 21:15 - 2011-09-29 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-06-26 21:14 - 2011-09-29 20:01 - 00000000 ____D C:\Users\Celle\AppData\Roaming\Skype
2015-06-26 21:13 - 2014-08-26 20:59 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-26 20:57 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-25 08:04 - 2010-11-25 18:19 - 00699682 _____ C:\Windows\system32\perfh007.dat
2015-06-25 08:04 - 2010-11-25 18:19 - 00149790 _____ C:\Windows\system32\perfc007.dat
2015-06-25 08:04 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-25 07:58 - 2009-07-14 06:45 - 00554288 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-25 07:54 - 2014-12-12 04:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-25 07:54 - 2014-05-08 17:48 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-25 07:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-21 10:20 - 2015-06-12 13:48 - 00000000 ____D C:\Users\Celle\Desktop\Neuer Ordner (2)
2015-06-18 20:34 - 2011-09-29 20:08 - 00000000 ____D C:\ProgramData\boost_interprocess

==================== Files in the root of some directories =======

2014-11-22 00:25 - 2014-11-22 00:25 - 0000097 _____ () C:\Users\Celle\AppData\Roaming\LauncherSettings_live.cfg
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Celle\AppData\Roaming\MMH5mDZMxlaWiMiOpxwK
2014-11-21 23:31 - 2014-11-21 23:31 - 0000039 _____ () C:\Users\Celle\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Celle\AppData\Roaming\TZ6nxY1skhZJk4GAQsnW9In8qXF
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Celle\AppData\Roaming\xaQ8DWYFKXGlDMrO7Rzbff4x
2013-09-06 19:28 - 2013-09-07 15:41 - 0003584 _____ () C:\Users\Celle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-20 21:31 - 2015-01-20 21:31 - 0004171 _____ () C:\Users\Celle\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Celle\ffdshow.reg


Some files in TEMP:
====================
C:\Users\Celle\AppData\Local\Temp\eFixProPackage.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-25 04:28

==================== End of log ============================

--- --- ---

#

Windows 7 6.1
AMD64
Wow64Process
WinAspi: -

NT-SPTI used
Nero Version: 9.4.37.100
Internal Version: 9, 4, 37, 100
(Nero Express)
Recorder: <Optiarc DVD RW AD-7585H> Version: KX04 - HA 1 TA 0 - 9.4.37.100
Adapter driver: <Serial ATA> HA 1
Drive buffer : 2048kB
Bus Type : via Inquiry data
CD-ROM: <Optiarc DVD RW AD-7585H >Version: KX04 - HA 1 TA 0 - 9.4.37.100
Adapter driver: <Serial ATA> HA 1

=== Scsi-Device-Map ===
DiskPeripheral : TOSHIBA MK6465GSX iaStor Port 0 ID 0 DMA: On
CdRomPeripheral : Optiarc DVD RW AD-7585H iaStor Port 0 ID 1 DMA: Off

=== CDRom-Device-Map ===
Optiarc DVD RW AD-7585H D: CdRom0
DTSOFT BDROM E: CdRom1
=======================

AutoRun : 1
Excluded drive IDs:
WriteBufferSize: 83886080 (0) Byte
BUFE : 0
Physical memory : 4095MB (4194303kB)
Free physical memory: 3869MB (3962464kB)
Memory in use : 35 %
Uncached PFiles: 0x0
Global Bus Type: default (0)
Check supported media : Disabled (0)

12.7.2014
ISO Zusammenstellung
16:42:12 #1 Text 0 File SCSIPTICommands.cpp, Line 430
LockMCN - completed sucessfully for IOCTL_STORAGE_MCN_CONTROL

16:42:13 #2 Text 0 File Isodoc.cpp, Line 7014
Iso document burn settings
------------------------------------------
Determine maximum speed : FALSE
Simulate : FALSE
Write : TRUE
Finalize CD : TRUE
Multisession : FALSE
Burning mode : DAO
Mode : 1
ISO Level : 1 (Max. of 11 = 8 + 3 char)
Character set : ISO 9660
Joliet : TRUE
Allow pathdepth more than 8 directories : TRUE
Allow more than 255 characters in path : TRUE
Write ISO9660 ;1 file extensions : TRUE

16:42:13 #3 ISO9660GEN -11 File Geniso.cpp, Line 3327
First writeable address = 0 (0x00000000)

16:42:13 #4 Text 0 File Burncd.cpp, Line 3649
Turn on Disc-At-Once, using DVD media

16:42:54 #5 Phase 40 File dlgbrnst.cpp, Line 1802
Aborted by user

16:42:54 #6 Text 0 File DlgWaitCD.cpp, Line 313
Disc check failed: Medium not allowed (Wrong CD)

16:42:54 #7 Text 0 File DlgWaitCD.cpp, Line 325
Write in overburning mode: NO (enabled: CD)

16:42:54 #8 Text 0 File DlgWaitCD.cpp, Line 2845
Recorder: Optiarc DVD RW AD-7585H
Medium not present

16:42:54 #9 Text 0 File DlgWaitCD.cpp, Line 500
>>> Protocol of DlgWaitCD activities: <<<
=========================================
Compilation cannot be written on that medium type.
(Medium in drive: CD-R. Medium required by compilation: DVD R/RW; DVD DL; DVD-RAM.)

16:42:54 #10 Text 0 File SCSIPTICommands.cpp, Line 430
UnLockMCN - completed sucessfully for IOCTL_STORAGE_MCN_CONTROL

Existing drivers:

Registry Keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon

Danke schonmal für die schnelle Antwort!

schrauber · 18.07.2015, 07:58

fehlt noch die Addition.txt

Celle · 18.07.2015, 21:48

#FRST Additions Logfile:
[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Celle at 2015-07-17 11:33:29
Running from C:\Users\Celle\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-153650677-751186265-679376906-500 - Administrator - Disabled)
Celle (S-1-5-21-153650677-751186265-679376906-1001 - Administrator - Enabled) => C:\Users\Celle
Gast (S-1-5-21-153650677-751186265-679376906-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-153650677-751186265-679376906-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Agrar Simulator 2011 (HKLM-x32\...\Agrar Simulator 2011) (Version:  - )
Agrar Simulator BGA 2011 (HKLM-x32\...\Agrar Simulator BGA 2011) (Version:  - )
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
ATI Catalyst Install Manager (HKLM\...\{84CC4DD9-03B2-C31A-537E-9BBC18ACC602}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bagger-Simulator 2011 (HKLM-x32\...\Bagger-Simulator 2011) (Version:  - )
Bau-Simulator 2012 Version 1.0 (HKLM-x32\...\{AEF59382-3FF1-4EBF-A93E-CCC474DCEA3F}_is1) (Version: 1.0 - weltenbauer. Software Entwicklung GmbH)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon MX310 series Benutzerregistrierung (HKLM-x32\...\Canon MX310 series Benutzerregistrierung) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2010.0828.2240.38829 - Ihr Firmenname) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cities In Motion - Design Classics (HKLM-x32\...\{37F03AE9-D51D-4B1C-806F-3DA898E330BD}_is1) (Version:  - )
Cities In Motion - Design Marvels (HKLM-x32\...\{68416881-7697-46F7-BBAF-8741D5C3584F}_is1) (Version:  - )
Cities In Motion - Design Now (HKLM-x32\...\{7B3050F8-E4DA-4276-8972-A75DC2A671A2}_is1) (Version:  - )
Cities In Motion - German Cities (HKLM-x32\...\{AD6FDE5E-FDA6-43CA-93B6-C90C9DB3FE52}_is1) (Version:  - )
Cities In Motion - Metro Stations (HKLM-x32\...\{899EF246-6FF0-4A9C-9689-80C2CA0BD868}_is1) (Version:  - )
Cities In Motion - Patch 1.0.22 (HKLM-x32\...\{34D52D01-C65D-4A29-99E0-E02030597B4F}_is1) (Version:  - )
Cities In Motion - Tokyo (HKLM-x32\...\{9C29DF2E-4EC8-485A-AAB9-A70727F29494}_is1) (Version:  - )
Cities In Motion - U.S. Cities (HKLM-x32\...\{B11E789C-8A0B-470A-AB34-63CD65F9CE81}_is1) (Version:  - )
Cities In Motion (HKLM-x32\...\{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
easySoft-Pro 6 Demo (HKLM-x32\...\{CF90BA6B-2DA4-4BED-9F55-629BE9B7EE00}) (Version: 6.90.5193 - Eaton Industries GmbH)
Emergency 2012 (HKLM-x32\...\Emergency 2012) (Version:  - Quadriga Games GmbH)
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
Fluke DMS 1.5 (HKLM-x32\...\{D15F5543-ED16-4A75-A066-5FCBF145CC65}) (Version: 1.05.0014 - Fluke Corporation)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.5.628 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google SketchUp 8 (HKLM-x32\...\{15F02176-0D12-4FAF-B2CD-2767C7781427}) (Version: 3.0.4993 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.0.124 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.3315 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 2.0.3315 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version:  - NCH Software)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scribus 1.4.3 (HKLM-x32\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
UltraMixer 3.1.0 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E1}_is1) (Version: 3.1.0 - UltraMixer Digital Audio Solutions)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VUPlayer (HKLM-x32\...\VUPlayer) (Version:  - )
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-153650677-751186265-679376906-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-06-2015 13:17:55 Windows Update
25-06-2015 04:37:19 Geplanter Prüfpunkt
26-06-2015 21:04:47 Norton_Power_Eraser_20150626210442591
17-07-2015 00:23:25 Removed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B903EF-DB63-4E77-8A0F-2FB2B200269A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {0F9DE01F-1EFB-4172-8F26-EBE945E47C40} - System32\Tasks\{3468023A-63D3-4815-B298-73A9F42D9DB7} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {131C066F-AF28-4622-BA89-94B41B2511EC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001UA => C:\Users\Celle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21] (Facebook Inc.)
Task: {14B3AAE7-662A-4B69-9265-47036C49CCE1} - System32\Tasks\{1B1C404C-F744-4FD0-A52F-7C1EEB3ECC4F} => pcalua.exe -a C:\Users\Celle\AppData\Roaming\istart123\UninstallManager.exe -c  -ptid=tugs
Task: {164A6B1C-37A0-459A-96BC-D983A405985C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {18F8F1FA-D1DA-40A1-8291-7DB99A24FF86} - System32\Tasks\{BCD73071-D1F1-4704-ADA1-45D778E25CA9} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {1C091DD5-CA5D-441F-97E1-F4AF2DE8034F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {1CC59F57-CA1C-4357-AD80-ACC090C4990E} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-14] (InstallShield Software Corporation)
Task: {1E2CA8BF-2ED2-4292-A2B8-4C53D9460B91} - System32\Tasks\{A230F4BF-BA02-4589-BB41-2CEC963E71F6} => pcalua.exe -a C:\Users\Celle\Downloads\vcredist_x86.exe -d C:\Users\Celle\Downloads
Task: {368EDBB0-6206-43FC-BB20-75A1EEB7134D} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe <==== ATTENTION
Task: {3ECA1328-C13A-4504-95D2-BBBD867CF798} - System32\Tasks\{B2EC4FDC-E365-4878-9A25-F38009CD17C7} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {48713B24-85B1-4A66-87F5-3F671EAC894F} - System32\Tasks\{1549E402-A009-4CBB-BE82-C51E02FEE84A} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {4D556043-F1BD-40D5-BFAD-3191420FDC09} - \BrowserDefendert No Task File <==== ATTENTION
Task: {5F1CD8D9-E459-4B8B-AF81-CBDB2F6F466C} - System32\Tasks\{5A207D2C-340E-4863-99E5-D0819E467A7C} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {605B7355-F237-4F02-A5EE-B8952D3A8EFC} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {75DB3172-5D66-493E-AFF9-C40493664B75} - System32\Tasks\{7CB942C2-EB0B-47E8-BA9A-070C86FB7F78} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {79761490-70EC-461B-9CF8-7527B6535070} - System32\Tasks\Driver Booster SkipUAC (Celle) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {80EDC61A-C3CB-4951-8982-7A5C95E59900} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-153650677-751186265-679376906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {85EC56D3-382D-4481-A525-FE15ACEFE447} - System32\Tasks\{EE1DC144-2794-4972-A3FA-2CB2BC520E78} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {8D807CEE-2A70-4D08-92A4-0036843913EF} - System32\Tasks\{C430690D-FCB5-42EC-8660-DD2C95AFFA2B} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {971F45BF-BC1E-44C3-9EBC-705B3AB3F7BF} - System32\Tasks\{0A2FD4F9-9733-40F6-902F-673CB1D2C39D} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {9A9ED13D-DEDB-4F9A-B75B-47FFCCCF70E1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001Core => C:\Users\Celle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21] (Facebook Inc.)
Task: {9BFFACFD-E483-459E-80A3-9EFFEC24A0E7} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2004-06-14] (InstallShield Software Corporation)
Task: {9C8C6146-87A2-40E5-A2DD-0FC10B22A4DC} - System32\Tasks\{AEFDFFD0-0668-402D-A8E4-DF7E33F8D5B1} => pcalua.exe -a "C:\Program Files (x86)\Plus-HD-1.6\Uninstall.exe" -c /fromcontrolpanel=1
Task: {A0D4286F-1441-4CF7-A238-028DBC656A8D} - System32\Tasks\Reimage Reminder => C:\Program Files\eFix\eFix Pro\eFixReminder.exe <==== ATTENTION
Task: {A8176CF0-96F7-407E-A4D7-0F8470B0ADFE} - System32\Tasks\{56F4093D-E9DB-4A03-BBCB-CB81CEDA9DBB} => pcalua.exe -a F:\MSWorks\instmsia.exe -d F:\MSWorks
Task: {AC17E221-CFDA-4917-974E-E35978A53C4E} - System32\Tasks\{622D4084-3F02-4B8A-83A5-3B703487A2B3} => pcalua.exe -a C:\Users\Celle\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
Task: {BA4CBAEA-AF5E-48BB-8C33-9163C5264DE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {C13883D1-D2B2-492E-8C24-E051819BA6EE} - System32\Tasks\Uninstaller_SkipUac_Celle => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {C1A7BFE0-632D-4549-82A9-9DF0220BFFDB} - System32\Tasks\{2EE3DB75-A59D-4BC8-A339-FF1FA4D1C41B} => pcalua.exe -a C:\Users\Celle\Desktop\RailSimulator_Demo.exe -d C:\Users\Celle\Desktop
Task: {CF27A6F6-04FD-4DF2-8EC5-B323379390B9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-153650677-751186265-679376906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {D71D3D57-7677-41AF-8E32-DAFFCA94F5FA} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {DD776F7D-6853-41F1-B906-53647A8D5DC9} - System32\Tasks\{B80CEFB1-0232-4293-B20D-A05EB96686EC} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {E3D624BE-6F48-4C0B-A7DD-80925667001A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {E4B42DD5-407B-4F90-B1C5-44E7E5CFC2EC} - System32\Tasks\{18889548-17FA-4B31-965A-221A4BA421F4} => pcalua.exe -a D:\setup.exe -d D:\
Task: {E5934C1E-22B7-48D8-95E3-7A94D0C4F3D9} - System32\Tasks\{69B807D0-6D9A-413F-BFCB-8DAFB998A3B9} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {E6F757F8-F082-43F3-9752-7F3AAEBE821E} - System32\Tasks\{661F5041-CA3C-45BB-892E-575EDAB1CB5E} => C:\Program Files (x86)\Agrar Simulator BGA 2011\farm.bga.exe [2011-08-22] (ActaLogic)
Task: {EEBE88FD-F143-4FCB-9592-84268DD46CC3} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {F410997A-DB8E-4280-AAA9-D2FBC2A11615} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\WSCStub.exe [2015-06-18] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001Core.job => C:\Users\Celle\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001UA.job => C:\Users\Celle\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-06-25 10:08 - 2010-06-25 10:08 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-08-26 16:45 - 2010-08-26 16:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-28 23:39 - 2010-08-28 23:39 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2015-02-09 18:19 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-02-09 18:19 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-02-09 18:19 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2010-11-25 18:09 - 2009-05-21 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2015-07-16 10:24 - 2015-07-16 10:24 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:DCE70D73

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-153650677-751186265-679376906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Celle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Celle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E498FE52-5BF0-45EA-8738-54E11F7E314E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{04858545-8BCB-44CD-8FA0-ADF8D63A6A14}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{94268F5A-F6C5-4800-A6EA-4D3279132EB5}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{F9661A94-27B3-4B82-9C1D-0834765D8E06}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{98E79B8C-09DF-4C90-89F1-53ECEE62B140}] => (Allow) C:\Program Files (x86)\Agrar Simulator BGA 2011\iupdate.dll
FirewallRules: [{56E25E5F-EBB8-4CAA-BF64-93B2A8F2010B}] => (Allow) C:\Program Files (x86)\Agrar Simulator BGA 2011\iupdate.dll
FirewallRules: [{D329D7AD-4D18-434B-9BD6-C4FF84938487}] => (Allow) C:\Program Files (x86)\Agrar Simulator BGA 2011\farm.bga.dll
FirewallRules: [{FA0A970A-D378-404A-A7C7-9095B292FDFE}] => (Allow) C:\Program Files (x86)\Agrar Simulator BGA 2011\farm.bga.dll
FirewallRules: [{475087A0-3C64-404E-8876-2A575CC92CDB}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\iupdate.dll
FirewallRules: [{BEB24863-40D9-447A-A404-B235591BA002}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\iupdate.dll
FirewallRules: [{C1515911-2D48-4EE7-9449-84463B311CC5}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\farm.dll
FirewallRules: [{21F1DBAF-D533-4227-BB18-D2BC249E6FA3}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\farm.dll
FirewallRules: [TCP Query User{83171287-FEDD-4C80-B431-FBCD2C11E169}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{2C17CCF3-56B2-42EA-AA6D-F41C9BFC4190}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{006C9675-63AC-4631-984F-7019A44BFCAD}] => (Allow) C:\Users\Celle\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A919CD3A-89DD-493E-964C-7617C970FA82}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A45A9E27-CE12-4016-B348-44CA980FF57D}] => (Allow) LPort=2869
FirewallRules: [{DFDA01C2-2DA8-44EA-8931-A7F38DE3B6A9}] => (Allow) LPort=1900
FirewallRules: [{5590E21A-8B4E-4309-8644-CF35765C3476}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\iupdate.dll
FirewallRules: [{973CA768-C436-45F0-AFE7-42DA811EF6B1}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\iupdate.dll
FirewallRules: [{1562D057-B676-4AB4-93E4-644A05A78380}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\farm.dll
FirewallRules: [{D965FCBA-9A5B-41FB-8253-0B45DE4BF4F9}] => (Allow) C:\Program Files (x86)\Agrar Simulator 2011\farm.dll
FirewallRules: [{B74DF601-9E16-4C3E-9375-FDA0B109C892}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{C7456525-0773-462E-A443-149A739C84E4}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{33E1B1C2-5C0C-4C3E-9B4A-D61AC1E9E3B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CCFF9EDB-6DF4-4D7C-B021-24AC84F72EE9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1B4FA9E-D20E-4FB9-8AFF-AF771B123D67}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EE00EB41-87FB-4E5B-9A87-B2F94EF50AF1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{34434DA2-D71C-4CE1-8EA3-5F6FAE3F58AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{D5774BA6-8CBE-4BF5-8D3B-333D9B42D001}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{09F3CB42-E0C3-44AE-B4F5-919E1A42CEF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{6D46BC28-D7C7-48DD-BCED-AB7BAF1A2C55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{0758FABF-6286-4948-81E7-146F41F15559}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E65E6CD1-D807-4A22-AF29-96009DAA98B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2015 11:16:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0x1900
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (07/17/2015 12:29:29 AM) (Source: MsiInstaller) (EventID: 11730) (User: Hugo)
Description: Product: 7-Zip 9.20 (x64 edition) -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (07/17/2015 12:11:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: WINHTTP.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca23
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001376
ID des fehlerhaften Prozesses: 0xbec
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (07/16/2015 10:30:32 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/11/2015 10:51:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (07/10/2015 06:57:40 PM) (Source: Google Update) (EventID: 20) (User: Hugo)
Description: Network Request Error.
Error: 0x80072efe. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 302.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 302.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (07/10/2015 06:50:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0xafc
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (07/10/2015 12:20:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000264
Fehleroffset: 0x00000000000c9358
ID des fehlerhaften Prozesses: 0x1ac0
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (07/10/2015 12:20:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366f2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ada4
ID des fehlerhaften Prozesses: 0x1ac0
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3

Error: (07/08/2015 12:08:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17813, Zeitstempel: 0x554a15f3
Name des fehlerhaften Moduls: mshtml.dll, Version: 11.0.9600.17842, Zeitstempel: 0x5565d4c6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000009296
ID des fehlerhaften Prozesses: 0x3b8
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3


System errors:
=============
Error: (07/16/2015 10:56:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (07/16/2015 12:08:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (07/12/2015 03:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (07/12/2015 03:09:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎07.‎2015 um 15:06:46 unerwartet heruntergefahren.

Error: (06/26/2015 09:13:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Advanced SystemCare Service 8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 09:08:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (06/26/2015 08:55:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (06/26/2015 08:54:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/25/2015 07:58:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (06/25/2015 07:55:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.


Microsoft Office:
=========================
Error: (07/17/2015 11:16:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada4190001d0c07130c86278C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll7406ecad-2c64-11e5-9add-87f7f0ee83f7

Error: (07/17/2015 12:29:29 AM) (Source: MsiInstaller) (EventID: 11730) (User: Hugo)
Description: Product: 7-Zip 9.20 (x64 edition) -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/17/2015 12:11:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4WINHTTP.dll6.1.7601.175144ce7ca23c00000050000000000001376bec01d0c009e8221dccC:\Windows\Explorer.EXEC:\Windows\system32\WINHTTP.dll95334244-2c07-11e5-9add-87f7f0ee83f7

Error: (07/16/2015 10:30:32 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/11/2015 10:51:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada4134001d0bbb6ba4d6544C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllfabb9105-27a9-11e5-8f8a-d48e9527fde3

Error: (07/10/2015 06:57:40 PM) (Source: Google Update) (EventID: 20) (User: Hugo)
Description: Network Request Error.
Error: 0x80072efe. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 302.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 302.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r

Error: (07/10/2015 06:50:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada4afc01d0bb307b98cdcfC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dllc3096935-2723-11e5-8f8a-d48e9527fde3

Error: (07/10/2015 12:20:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.1.7601.18869556366f2c000026400000000000c93581ac001d0baf9fbbcc803C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll436144ad-26ed-11e5-8f8a-d48e9527fde3

Error: (07/10/2015 12:20:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada41ac001d0baf9fbbcc803C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll3d484abe-26ed-11e5-8f8a-d48e9527fde3

Error: (07/08/2015 12:08:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.17813554a15f3mshtml.dll11.0.9600.178425565d4c6c000000500000000000092963b801d0b966028eae80C:\Windows\System32\GWX\GWXUX.exeC:\Windows\System32\mshtml.dll44764b7d-2559-11e5-8f8a-d48e9527fde3


CodeIntegrity Errors:
===================================
  Date: 2012-03-02 22:08:55.963
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-02 22:08:55.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-02 22:08:37.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-02 22:08:37.853
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-02 22:05:57.630
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-02 22:05:57.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-02 18:09:00.857
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-02 18:09:00.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-01 21:09:37.421
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-01 21:09:37.361
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 48%
Total physical RAM: 6004.5 MB
Available physical RAM: 3105.33 MB
Total Virtual: 12007.2 MB
Available Virtual: 8684.04 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:583.38 GB) (Free:402.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 69196919)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=583.4 GB) - (Type=07 NTFS)

==================== End of log ============================

--- --- ---

--- --- ---

schrauber · 19.07.2015, 14:22

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Celle · 19.07.2015, 23:43

#Combofix Logfile:

Code:

ATTFilter

ComboFix 15-07-18.01 - Celle 20.07.2015   0:22.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6004.3053 [GMT 2:00]
ausgeführt von:: c:\users\Celle\Downloads\ComboFix.exe
AV: Norton 360 Premier *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton 360 Premier *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton 360 Premier *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\MediaPlayerV1
c:\program files (x86)\MediaViewerV1
c:\program files (x86)\MediaViewV1
c:\program files (x86)\RichMediaViewV1
c:\programdata\ntuser.pol
c:\users\Celle\AppData\Roaming\337
c:\users\Celle\AppData\Roaming\Common\LuaRT
c:\users\Celle\AppData\Roaming\Common\LuaRT\alien.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\alien\core.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\alien\struct.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\base.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\debug_ext.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\debug_init.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\getopt.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\io_ext.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode\array.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode\calls.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode\number.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode\object.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode\others.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode\strings.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\decode\util.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\array.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\calls.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\number.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\object.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\others.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\output.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\output_utility.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\encode\strings.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\json\util.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\lfs.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\list.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\lpeg.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\ltn12.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\lua.exe
c:\users\Celle\AppData\Roaming\Common\LuaRT\lua5.1.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\lua51.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\luacom.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\luasql\sqlite3.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\math_ext.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\users\Celle\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcm80.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcp80.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcr80.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\mime.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\mime\core.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\modules.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\package_ext.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\set.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\socket.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\socket\core.dll
c:\users\Celle\AppData\Roaming\Common\LuaRT\socket\http.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\socket\url.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\std.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\strbuf.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\string_ext.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\table_ext.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\tree.lua
c:\users\Celle\AppData\Roaming\Common\LuaRT\wlua.exe
c:\users\Gast\AppData\Roaming\Origin
c:\users\Gast\AppData\Roaming\Origin\local.xml
c:\users\Gast\AppData\Roaming\Origin\local_494f408379edb1e40e85fc0da3dbae64.xml
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-19 bis 2015-07-19  ))))))))))))))))))))))))))))))
.
.
2015-07-18 08:53 . 2015-06-02 00:07	254976	----a-w-	c:\windows\system32\cewmdm.dll
2015-07-18 08:52 . 2015-06-20 19:50	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-07-18 08:51 . 2015-06-15 21:50	112064	----a-w-	c:\windows\system32\consent.exe
2015-07-17 09:42 . 2015-07-17 09:42	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-07-17 09:32 . 2015-07-17 09:34	--------	d-----w-	C:\FRST
2015-07-16 09:18 . 2015-07-18 08:39	--------	d-----w-	c:\windows\system32\drivers\N360x64\1605000.07C
2015-07-16 08:24 . 2015-07-16 08:24	18524336	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-06-26 18:56 . 2015-06-26 18:56	--------	d-----w-	C:\NPE
2015-06-26 18:53 . 2015-06-26 19:17	--------	d-----w-	c:\users\Celle\AppData\Local\NPE
2015-06-23 09:05 . 2015-06-23 09:05	--------	d-----w-	c:\users\Celle\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 09:19 . 2013-03-18 18:35	102616	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2015-07-16 08:24 . 2012-04-15 19:19	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 08:24 . 2011-09-29 19:49	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2012-11-06 15:25	130333168	----a-w-	c:\windows\system32\MRT.exe
2015-05-25 18:24 . 2015-06-11 18:48	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-11 18:48	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-11 18:48	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-11 18:48	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-11 18:48	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-11 18:48	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-11 18:48	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-11 18:48	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-11 18:48	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-11 18:48	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-11 18:48	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-11 18:48	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-11 18:48	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-11 18:48	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-11 18:48	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-11 18:48	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-11 18:48	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-11 18:48	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-11 18:48	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-11 18:48	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-11 18:48	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-11 18:48	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-11 18:48	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-11 18:48	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-11 18:48	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-11 18:48	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-11 18:48	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-11 18:48	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-11 18:48	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-11 18:48	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-11 18:48	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-11 18:48	92160	----a-w-	c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-11 18:48	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-11 18:48	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-11 18:48	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-11 18:48	40448	----a-w-	c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-11 18:48	364544	----a-w-	c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-11 18:48	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-11 18:48	37888	----a-w-	c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-11 18:48	82944	----a-w-	c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-11 18:48	17408	----a-w-	c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-11 18:48	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-11 18:48	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-11 18:48	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-11 18:48	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 17:55 . 2015-06-11 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-05-25 17:00 . 2015-06-11 18:48	36864	----a-w-	c:\windows\system32\UtcResources.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-12-15 21:26	297128	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service; [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\users\Celle\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Celle\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1605000.07C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20150717.001\IDSvia64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20150717.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1605000.07C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1605000.07C\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 08:24]
.
2015-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001Core.job
- c:\users\Celle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-20 13:51]
.
2015-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001UA.job
- c:\users\Celle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-20 13:51]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06 23:08]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06 23:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-09 16:19	2471744	----a-w-	c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-12-15 19:59	357376	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = Google
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office15\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Celle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office15\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FA289FE9-B393-47EC-9529-43F8269CAD40}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Celle\AppData\Roaming\Mozilla\Firefox\Profiles\57ixx9bc.default-1437083685867\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124;c:\program files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-20  00:40:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-07-19 22:40
.
Vor Suchlauf: 14 Verzeichnis(se), 431.377.494.016 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 430.656.036.864 Bytes frei
.
- - End Of File - - B36488B0C566FED6DCB9284007CBD86B

--- --- ---

schrauber · 20.07.2015, 10:19

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Celle · 20.07.2015, 22:52

#AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 20/07/2015 um 23:24:58
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Celle - HUGO
# Gestarted von : C:\Users\Celle\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Probit Software
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\Users\Celle\music\qtrax media library
Ordner Gelöscht : C:\Users\Celle\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Celle\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\Probit Software
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\SecureSearch
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\Celle\AppData\Roaming\RHEng
Datei Gelöscht : C:\Windows\efix.ini
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Celle\AppData\Roaming\xaQ8DWYFKXGlDMrO7Rzbff4x
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i5l63p67.default\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\my.cfg
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js

***** [ Geplante Tasks ] *****

Task Gelöscht : BrowserDefendert
Task Gelöscht : Desk 365 RunAsStdUser
Task Gelöscht : Omiga Plus RunAsStdUser
Task Gelöscht : Reimage Reminder

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Kontakt.lnk
Verknüpfung Desinfiziert : C:\Users\Celle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Celle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Schlüssel Gelöscht : HKCU\Software\5b4d8d1bd35b817
Schlüssel Gelöscht : HKLM\SOFTWARE\5b4d8d1bd35b817
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3013E03D-89D5-4580-8560-DB198297CC29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{53FDCCB0-2404-4274-9002-5A3A1FD40426}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F2F1AE7C-149B-46D3-9498-12572C7AFE11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\FBDownloader
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Vittalia
Schlüssel Gelöscht : HKCU\Software\eFix
Schlüssel Gelöscht : HKCU\Software\Probit Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\omigaplusSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\eFix
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v39.0 (x86 de)

[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Astromenda");
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Astromenda");
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_119.code", "appAPI.internal.monetization = appAPI.internal.monetization  {};\nif [...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_13.name", "CrossriderAppUtils");
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_14.name", "CrossriderUtils");
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"isBackground!==true)&&(typeof _[...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_194.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal[...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_78.name", "CrossriderInfo");
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_vit_14_42_ff&cd=2XzuyEtN2Y1L1QzutCzz0FyEyC0AtD0C0C0E0DtAzyzy0D0FtN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDy[...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_vit_14_42_ff&cd=2XzuyEtN2Y1L1QzutCzz0FyEyC0AtD0C0C0E0DtAzyzy0D0FtN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzyt[...]
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[i5l63p67.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_vit_14_42_ff&cd=2XzuyEtN2Y1L1QzutCzz0FyEyC0AtD0C0C0E0DtAzyzy0D0FtN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBz[...]

-\\ Google Chrome v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [15846 Bytes] - [20/07/2015 23:23:06]
AdwCleaner[S0].txt - [14501 Bytes] - [20/07/2015 23:24:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14561  Bytes] ##########

--- --- ---

#
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Celle (administrator) on HUGO on 20-07-2015 23:43:10
Running from C:\Users\Celle\Downloads
Loaded Profiles: Celle (Available Profiles: Celle & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-11] (Dritek System Inc.)
HKU\S-1-5-21-153650677-751186265-679376906-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
HKU\S-1-5-21-153650677-751186265-679376906-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-153650677-751186265-679376906-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-153650677-751186265-679376906-1001 -> {C9B192AE-D37D-4554-92D0-24DB431F7EC3} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-03-18] (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-19] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-19] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F2B7D1CB-4101-416C-9E17-CD28B5599666}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FA289FE9-B393-47EC-9529-43F8269CAD40}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Celle\AppData\Roaming\Mozilla\Firefox\Profiles\57ixx9bc.default-1437083685867
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.2.72 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.2.72 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-153650677-751186265-679376906-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Celle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2012-03-18] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-03-18]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-20]

Chrome: 
=======
CHR Profile: C:\Users\Celle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Protection) - C:\Users\Celle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-18]
CHR Extension: (No Name) - C:\Users\Celle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-08-25]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.0.124\N360.exe [282016 2015-06-18] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-16] (Electronic Arts)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SpyHunter 4 Service; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-07] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-06] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-03] (REALiX(tm))
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20150717.001\IDSvia64.sys [692984 2015-07-16] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20150718.003\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20150718.003\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Celle\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 23:42 - 2015-07-20 23:43 - 02135552 _____ (Farbar) C:\Users\Celle\Downloads\FRST64.exe
2015-07-20 23:41 - 2015-07-20 23:41 - 00003167 _____ C:\Users\Celle\Desktop\JRT.txt
2015-07-20 23:30 - 2015-07-20 23:30 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Celle\Downloads\JRT.exe
2015-07-20 23:22 - 2015-07-20 23:25 - 00000000 ____D C:\AdwCleaner
2015-07-20 23:22 - 2015-07-20 23:22 - 02248704 _____ C:\Users\Celle\Downloads\AdwCleaner_4.208.exe
2015-07-20 23:02 - 2015-07-20 23:42 - 00000000 ____D C:\Users\Celle\Desktop\trojaner 20.07
2015-07-20 22:49 - 2015-07-20 22:49 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-20 22:48 - 2015-07-20 22:48 - 00001070 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-20 22:48 - 2015-07-20 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-20 22:48 - 2015-07-20 22:48 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-20 22:48 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-20 22:48 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-20 22:48 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-20 22:47 - 2015-07-20 22:48 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Celle\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-07-20 00:40 - 2015-07-20 00:40 - 00035061 _____ C:\ComboFix.txt
2015-07-20 00:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-20 00:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-20 00:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-20 00:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-20 00:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-20 00:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-20 00:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-20 00:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-20 00:18 - 2015-07-20 00:40 - 00000000 ____D C:\Qoobox
2015-07-20 00:18 - 2015-07-20 00:38 - 00000000 ____D C:\Windows\erdnt
2015-07-20 00:14 - 2015-07-20 00:15 - 05633411 ____R (Swearware) C:\Users\Celle\Downloads\ComboFix.exe
2015-07-18 10:53 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-18 10:53 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-18 10:53 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-18 10:53 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-18 10:53 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-18 10:53 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-18 10:53 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-18 10:53 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-18 10:53 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-18 10:53 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-18 10:53 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-18 10:53 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-18 10:53 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-18 10:53 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-18 10:53 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-18 10:53 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-18 10:53 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-18 10:53 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-18 10:53 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-18 10:53 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-18 10:53 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-18 10:53 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-18 10:53 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-18 10:53 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-18 10:53 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-18 10:53 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-18 10:53 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-18 10:53 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-18 10:53 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-18 10:53 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-18 10:53 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-18 10:53 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-18 10:53 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-18 10:53 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-18 10:53 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-18 10:53 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-18 10:53 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-18 10:53 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-18 10:53 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-18 10:53 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-18 10:53 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-18 10:53 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-18 10:53 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-18 10:53 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-18 10:53 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-18 10:53 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-18 10:53 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-18 10:53 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-18 10:53 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-18 10:53 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-18 10:53 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-18 10:53 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-18 10:53 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-18 10:53 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-18 10:53 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-18 10:53 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-18 10:53 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-18 10:53 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-18 10:52 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-18 10:52 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-18 10:52 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-18 10:52 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-18 10:52 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-18 10:52 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-18 10:52 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-18 10:52 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-18 10:52 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-18 10:52 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-18 10:52 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-18 10:52 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-18 10:52 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-18 10:52 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-18 10:52 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-18 10:52 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-18 10:52 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-18 10:52 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-18 10:52 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-18 10:52 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-18 10:52 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-18 10:52 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-18 10:52 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-18 10:52 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-18 10:52 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-18 10:52 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-18 10:52 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-18 10:52 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-18 10:52 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-18 10:52 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-18 10:52 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-18 10:52 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-18 10:52 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-18 10:52 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-18 10:52 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-18 10:52 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-18 10:52 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-18 10:52 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-18 10:52 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-18 10:52 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-18 10:52 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-18 10:52 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-18 10:52 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-18 10:52 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-18 10:52 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-18 10:52 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-18 10:52 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-18 10:52 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-18 10:52 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-18 10:52 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-18 10:51 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-18 10:51 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-18 10:51 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-18 10:51 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-18 10:51 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-18 10:51 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-18 10:51 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-18 10:51 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-18 10:51 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-18 10:51 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-18 10:51 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-18 10:51 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-18 10:51 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-18 10:51 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-18 10:51 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-18 10:51 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-18 10:51 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-18 10:51 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-18 10:51 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-18 10:51 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-18 10:51 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-18 10:51 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-18 10:51 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-18 10:51 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-18 10:51 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-18 10:51 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-18 10:51 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-18 10:51 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-18 10:51 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-17 14:34 - 2015-07-20 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-17 11:42 - 2015-07-17 11:42 - 00001232 _____ C:\Users\Celle\Desktop\Revo Uninstaller.lnk
2015-07-17 11:42 - 2015-07-17 11:42 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-17 11:41 - 2015-07-17 11:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Celle\Downloads\revosetup95.exe
2015-07-17 11:33 - 2015-07-17 11:34 - 00048456 _____ C:\Users\Celle\Downloads\Addition.txt
2015-07-17 11:32 - 2015-07-20 23:43 - 00018712 _____ C:\Users\Celle\Downloads\FRST.txt
2015-07-17 11:32 - 2015-07-20 23:43 - 00000000 ____D C:\FRST
2015-07-16 23:54 - 2015-07-16 23:54 - 00000000 ____D C:\Users\Celle\Desktop\Alte Firefox-Daten
2015-07-16 23:07 - 2015-07-16 23:07 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-16 22:58 - 2015-07-16 22:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2015-07-16 11:19 - 2015-07-16 22:58 - 00002368 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-07-16 10:24 - 2015-07-16 10:24 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-12 21:28 - 2015-07-12 21:28 - 00013172 _____ C:\Users\Celle\Desktop\30. geburtstag.ods
2015-07-09 14:24 - 2015-07-16 10:20 - 00000000 ____D C:\Users\Celle\Desktop\Arbeitsunfall BG
2015-06-26 21:19 - 2015-06-26 21:19 - 00789080 _____ (eFix®) C:\Users\Celle\Downloads\eFixPro.exe
2015-06-26 20:56 - 2015-06-26 20:56 - 00000000 ____D C:\NPE
2015-06-26 20:53 - 2015-06-26 21:17 - 00000000 ____D C:\Users\Celle\AppData\Local\NPE
2015-06-23 11:05 - 2015-06-23 11:05 - 00000000 ____D C:\Users\Celle\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 23:43 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 23:43 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 23:33 - 2014-08-26 20:59 - 00000000 ____D C:\Users\Celle\AppData\Roaming\IObit
2015-07-20 23:33 - 2014-08-26 20:59 - 00000000 ____D C:\ProgramData\IObit
2015-07-20 23:27 - 2013-07-07 01:08 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 23:26 - 2015-05-16 14:48 - 00067922 _____ C:\Windows\PFRO.log
2015-07-20 23:26 - 2015-05-16 14:48 - 00002029 _____ C:\Windows\setupact.log
2015-07-20 23:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 23:25 - 2011-09-29 20:27 - 00001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-20 23:25 - 2010-11-25 09:29 - 01996157 _____ C:\Windows\WindowsUpdate.log
2015-07-20 23:25 - 2010-09-08 05:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support
2015-07-20 23:24 - 2012-04-15 21:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 00:56 - 2012-04-20 22:13 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001UA.job
2015-07-20 00:40 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-20 00:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-20 00:31 - 2009-07-14 04:34 - 98828288 _____ C:\Windows\system32\config\software.bak
2015-07-20 00:31 - 2009-07-14 04:34 - 21233664 _____ C:\Windows\system32\config\system.bak
2015-07-20 00:31 - 2009-07-14 04:34 - 01310720 _____ C:\Windows\system32\config\default.bak
2015-07-20 00:31 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-07-20 00:31 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-07-20 00:30 - 2013-07-07 01:07 - 00000000 ____D C:\Users\Celle\AppData\Roaming\Common
2015-07-20 00:20 - 2011-10-02 19:28 - 00000000 ____D C:\Users\Celle\AppData\Local\CrashDumps
2015-07-20 00:11 - 2012-02-01 19:15 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D0394304-5AD5-45AC-8682-98C9B105D424}
2015-07-20 00:02 - 2009-07-14 06:45 - 00554288 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 00:01 - 2012-05-05 18:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-19 23:59 - 2015-04-09 11:08 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-19 23:59 - 2015-04-09 11:08 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-19 23:59 - 2014-12-12 04:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-19 23:59 - 2014-05-08 17:48 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-19 23:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-18 23:13 - 2013-07-15 13:11 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 22:58 - 2012-04-20 22:13 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-153650677-751186265-679376906-1001Core.job
2015-07-17 14:23 - 2010-11-25 09:34 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2015-07-17 00:28 - 2011-09-30 21:27 - 00000000 ____D C:\Users\Celle\AppData\Roaming\UseNeXT
2015-07-17 00:18 - 2014-12-30 00:39 - 00000000 ____D C:\ProgramData\Ableton
2015-07-17 00:16 - 2011-09-30 21:41 - 00000000 ____D C:\Users\Celle\Desktop\Eigene Musik USENEXT
2015-07-16 22:59 - 2013-03-18 20:35 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-16 22:59 - 2013-03-18 20:34 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-16 11:19 - 2013-03-18 20:35 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-16 11:19 - 2013-03-18 20:35 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-16 11:19 - 2013-03-18 20:35 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-16 11:19 - 2010-09-08 05:06 - 00000000 ____D C:\ProgramData\Norton
2015-07-16 11:16 - 2012-05-04 23:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-16 10:24 - 2012-04-15 21:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-16 10:24 - 2012-04-15 21:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-16 10:24 - 2011-09-29 21:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-16 10:22 - 2013-07-07 01:08 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 10:22 - 2013-07-07 01:08 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 10:22 - 2013-07-07 01:08 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 23:40 - 2011-10-15 01:50 - 00000000 ____D C:\ProgramData\Bagger-Simulator 2011
2015-07-03 08:43 - 2012-11-06 17:25 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-26 21:15 - 2011-09-29 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-06-26 21:14 - 2011-09-29 20:01 - 00000000 ____D C:\Users\Celle\AppData\Roaming\Skype
2015-06-26 21:13 - 2014-08-26 20:59 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-26 20:57 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-25 08:04 - 2010-11-25 18:19 - 00699682 _____ C:\Windows\system32\perfh007.dat
2015-06-25 08:04 - 2010-11-25 18:19 - 00149790 _____ C:\Windows\system32\perfc007.dat
2015-06-25 08:04 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 13:30 - 2011-11-28 15:55 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-21 10:20 - 2015-06-12 13:48 - 00000000 ____D C:\Users\Celle\Desktop\Neuer Ordner (2)

==================== Files in the root of some directories =======

2014-11-22 00:25 - 2014-11-22 00:25 - 0000097 _____ () C:\Users\Celle\AppData\Roaming\LauncherSettings_live.cfg
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Celle\AppData\Roaming\MMH5mDZMxlaWiMiOpxwK
2014-11-21 23:31 - 2014-11-21 23:31 - 0000039 _____ () C:\Users\Celle\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Celle\AppData\Roaming\TZ6nxY1skhZJk4GAQsnW9In8qXF
2013-09-06 19:28 - 2013-09-07 15:41 - 0003584 _____ () C:\Users\Celle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-20 21:31 - 2015-01-20 21:31 - 0004171 _____ () C:\Users\Celle\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Celle\ffdshow.reg


Some files in TEMP:
====================
C:\Users\Celle\AppData\Local\Temp\Quarantine.exe
C:\Users\Celle\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-25 04:28

==================== End of log ============================

--- --- ---

#JRT Logfile:

Code:

ATTFilter

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Celle on 20.07.2015 at 23:30:55,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Celle)
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Administrator
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Celle



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102}



~~~ Files

Successfully deleted: [File] C:\Users\Celle\Appdata\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com
Successfully deleted: [File] C:\Windows\SysWOW64\FAPBD21.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\FAPFAAB.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho205D.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\sho7F20.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoC922.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoE41D.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoF1DC.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoF3ED.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Celle\Appdata\Local\com
Successfully deleted: [Folder] C:\Users\Celle\Appdata\Local\newsoft
Successfully deleted: [Folder] C:\Users\Celle\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\Celle\AppData\Roaming\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\Celle\AppData\Roaming\newsoft
Successfully deleted: [Folder] C:\Users\Celle\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Celle\Documents\my pagemanager



~~~ Chrome


[C:\Users\Celle\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Celle\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Celle\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Celle\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.07.2015 at 23:41:13,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

# Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.07.2015
Suchlauf-Zeit: 22:49:42
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.20.06
Rootkit Datenbank: v2015.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Celle

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 434050
Verstrichene Zeit: 27 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 77
PUP.Optional.PCPerformer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}, In Quarantäne, [739320c46327d85e64a48e37d13101ff],
PUP.Optional.PCPerformer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}, In Quarantäne, [739320c46327d85e64a48e37d13101ff],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [3bcbac388efcce68d2542d651ce8cd33],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [fb0b36ae8109d660ec38b3df838114ec],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [ae58e5ff246666d0a28281111de79a66],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [92743ba93c4e0e2865c1d6bcee167c84],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [2adc28bc0e7cf73f7ea8464ce024f20e],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [c93d16ce701ac86e7ea6eaa81de7d030],
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\WOW6432NODE\MediaWatchV1, In Quarantäne, [64a2e9fb2d5d77bf4d59475031d3a15f],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [996db0349bef83b371b50d852ed650b0],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [d135895be6a4d363e044bad84cb8c43c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [6b9bd3110a8078bed450880a768e27d9],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [39cdd311e0aacb6bdc4ab6dcff05cd33],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [5da933b105852a0c1313b9d974904eb2],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC7ACA07-F644-483E-8991-E9D894F39EFB}, In Quarantäne, [ed196183f99135010e18ade5010302fe],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0A7F8A7-989D-454D-B3B3-9447365D692F}, In Quarantäne, [ae58a53fcdbd7db9fc29c3cf25df5ea2],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F06CC798-2689-4181-9BC9-784CFBC2A1A5}, In Quarantäne, [050170747a105ed89b89eea4a064cc34],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [62a41bc99febcb6bba6a731fd034d22e],
PUP.Optional.FileScout.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\FileScout, In Quarantäne, [cb3bd80c1f6bbf7703030d8ac044d927],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}, In Quarantäne, [34d2568e325848ee20027220e4206b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}, In Quarantäne, [0501766e7f0b69cd160c197951b39c64],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}, In Quarantäne, [c0460adad1b9e650fe257a189b6960a0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}, In Quarantäne, [d92da3415337d561fc27821040c49868],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}, In Quarantäne, [699d00e43c4ebc7a8d95a4ee2ada52ae],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}, In Quarantäne, [0afceafa4842fb3b76acabe7768ecc34],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}, In Quarantäne, [dc2ad90b246689ad3ee5306258ac28d8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}, In Quarantäne, [47bfb3310882d6601210eea4996bfc04],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}, In Quarantäne, [6c9ae103335762d459c9335f8f756e92],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}, In Quarantäne, [a363667efa90290d57cc3d55cf3511ef],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}, In Quarantäne, [8a7c22c2197179bd5bc8801217edaa56],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}, In Quarantäne, [778f1fc52f5bfb3bdb477f1357ad6a96],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [56b039abf49668ce978ccdc5e123e020],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}, In Quarantäne, [a4626f755e2ce94d988b444e41c38a76],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}, In Quarantäne, [0402eef6c1c9f93d2ff3019163a1b54b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}, In Quarantäne, [aa5c974d810996a0f52d0290aa5a6e92],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [1beb3ea6b3d7bb7b3ee3eda53aca38c8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}, In Quarantäne, [43c3f2f2107a76c01211058dcf35ec14],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}, In Quarantäne, [02045a8ae4a685b1869ca6ec956fe61a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}, In Quarantäne, [eb1bdc08e0aa1224c3601c764fb58f71],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [5aace0047119181eb46df2a034d021df],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}, In Quarantäne, [dd2952924c3e89ad5dc5cdc56a9a3dc3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}, In Quarantäne, [c5417f65ee9c191d9f83e9a956ae8080],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}, In Quarantäne, [897dd50f3753f73ff231c4ce5ea6926e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [6d99a242d5b5e254d64df89a51b3dc24],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [27df6e767119c373ef344052ec1805fb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}, In Quarantäne, [3ec8eef6f7932c0a938fd2c0c63e966a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}, In Quarantäne, [85815b89f69476c031f21a780afac53b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [b05611d37e0c5bdb031e3b5745bf39c7],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}, In Quarantäne, [996dedf75d2d5ed86cb6484a54b0c63a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}, In Quarantäne, [0ff77173781247efa082454d39cb669a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}, In Quarantäne, [e224578dc5c50f270e15c9c9f3119b65],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}, In Quarantäne, [996ddc08b1d950e60a193c56ba4a55ab],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}, In Quarantäne, [56b0e8fc008aa59166bc2270966e34cc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}, In Quarantäne, [17ef39ab15750135af73177b56ae1ae6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}, In Quarantäne, [3fc7f8ec3c4eea4c91926230000427d9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}, In Quarantäne, [8680ba2a474364d29191f89abc486f91],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}, In Quarantäne, [838307dd35556dc9e43e5141f70d16ea],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}, In Quarantäne, [64a215cffe8c2f072cf7434f7e86fd03],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}, In Quarantäne, [a165b1332e5c2c0a0d16f1a105ffeb15],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}, In Quarantäne, [4abc598b5436a690ef33f39fb2529769],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [0204d80cb7d356e058cbaee430d416ea],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}, In Quarantäne, [7096aa3acfbb181e6eb5f59dc53fa65a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}, In Quarantäne, [bc4aa143662473c3e9398a08788ce11f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}, In Quarantäne, [b74f1cc8e3a77fb7180a7121f3114ab6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [ee18d21224668caa3be6a1f1cb39d729],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}, In Quarantäne, [c442c51f96f480b6a87bd8ba2ed68a76],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}, In Quarantäne, [f80e9e46c8c2181ef82aeba7f21250b0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}, In Quarantäne, [a95d875dbcce4beb40e31d759371fc04],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [b84e1fc52466a88e938ebcd6a95bec14],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}, In Quarantäne, [c145994b9eec48ee01219bf7e1233ec2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}, In Quarantäne, [c0460ed653371422c35f99f9c1439769],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}, In Quarantäne, [95719f452367ef47e93a2c66d33135cb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [4cba1dc7e1a9f73fe241167c30d49b65],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [1ee8c91bdab0ec4a36ed95fdf31104fc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}, In Quarantäne, [c4425b898bff6bcb75ad3062857f3fc1],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}, In Quarantäne, [6c9ae0047d0dce68ed3661315da77e82],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [6d99459f63270e28a47d97fb2ed6dc24],

Registrierungswerte: 73
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [3bcbac388efcce68d2542d651ce8cd33]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [fb0b36ae8109d660ec38b3df838114ec]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [ae58e5ff246666d0a28281111de79a66]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [92743ba93c4e0e2865c1d6bcee167c84]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [2adc28bc0e7cf73f7ea8464ce024f20e]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [c93d16ce701ac86e7ea6eaa81de7d030]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [996db0349bef83b371b50d852ed650b0]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [d135895be6a4d363e044bad84cb8c43c]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [6b9bd3110a8078bed450880a768e27d9]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [39cdd311e0aacb6bdc4ab6dcff05cd33]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [5da933b105852a0c1313b9d974904eb2]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cc7aca07-f644-483e-8991-e9d894f39efb}|AppName, Plus-HD-1.6-codedownloader.exe, In Quarantäne, [ed196183f99135010e18ade5010302fe]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e0a7f8a7-989d-454d-b3b3-9447365d692f}|AppName, Plus-HD-1.6-buttonutil.exe, In Quarantäne, [ae58a53fcdbd7db9fc29c3cf25df5ea2]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f06cc798-2689-4181-9bc9-784cfbc2a1a5}|AppName, Plus-HD-1.6-bg.exe, In Quarantäne, [050170747a105ed89b89eea4a064cc34]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [62a41bc99febcb6bba6a731fd034d22e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [34d2568e325848ee20027220e4206b95]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [0501766e7f0b69cd160c197951b39c64]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [c0460adad1b9e650fe257a189b6960a0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [d92da3415337d561fc27821040c49868]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [699d00e43c4ebc7a8d95a4ee2ada52ae]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [0afceafa4842fb3b76acabe7768ecc34]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [dc2ad90b246689ad3ee5306258ac28d8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [47bfb3310882d6601210eea4996bfc04]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [6c9ae103335762d459c9335f8f756e92]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [a363667efa90290d57cc3d55cf3511ef]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [8a7c22c2197179bd5bc8801217edaa56]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [778f1fc52f5bfb3bdb477f1357ad6a96]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [56b039abf49668ce978ccdc5e123e020]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [a4626f755e2ce94d988b444e41c38a76]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [0402eef6c1c9f93d2ff3019163a1b54b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [aa5c974d810996a0f52d0290aa5a6e92]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [1beb3ea6b3d7bb7b3ee3eda53aca38c8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [43c3f2f2107a76c01211058dcf35ec14]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [02045a8ae4a685b1869ca6ec956fe61a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [eb1bdc08e0aa1224c3601c764fb58f71]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [5aace0047119181eb46df2a034d021df]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [dd2952924c3e89ad5dc5cdc56a9a3dc3]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [c5417f65ee9c191d9f83e9a956ae8080]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [897dd50f3753f73ff231c4ce5ea6926e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [6d99a242d5b5e254d64df89a51b3dc24]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [27df6e767119c373ef344052ec1805fb]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [3ec8eef6f7932c0a938fd2c0c63e966a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [85815b89f69476c031f21a780afac53b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [b05611d37e0c5bdb031e3b5745bf39c7]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [996dedf75d2d5ed86cb6484a54b0c63a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [0ff77173781247efa082454d39cb669a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [e224578dc5c50f270e15c9c9f3119b65]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [996ddc08b1d950e60a193c56ba4a55ab]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [56b0e8fc008aa59166bc2270966e34cc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [17ef39ab15750135af73177b56ae1ae6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [3fc7f8ec3c4eea4c91926230000427d9]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [8680ba2a474364d29191f89abc486f91]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [838307dd35556dc9e43e5141f70d16ea]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [64a215cffe8c2f072cf7434f7e86fd03]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [a165b1332e5c2c0a0d16f1a105ffeb15]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [4abc598b5436a690ef33f39fb2529769]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [0204d80cb7d356e058cbaee430d416ea]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [7096aa3acfbb181e6eb5f59dc53fa65a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [bc4aa143662473c3e9398a08788ce11f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [b74f1cc8e3a77fb7180a7121f3114ab6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [ee18d21224668caa3be6a1f1cb39d729]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [c442c51f96f480b6a87bd8ba2ed68a76]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [f80e9e46c8c2181ef82aeba7f21250b0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [a95d875dbcce4beb40e31d759371fc04]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [b84e1fc52466a88e938ebcd6a95bec14]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [c145994b9eec48ee01219bf7e1233ec2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [c0460ed653371422c35f99f9c1439769]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [95719f452367ef47e93a2c66d33135cb]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [4cba1dc7e1a9f73fe241167c30d49b65]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [1ee8c91bdab0ec4a36ed95fdf31104fc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [c4425b898bff6bcb75ad3062857f3fc1]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [6c9ae0047d0dce68ed3661315da77e82]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [6d99459f63270e28a47d97fb2ed6dc24]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 2
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [24e20bd9f694e84e00d49e6541c252ae],
PUP.Optional.BundleInstaller.A, C:\Users\Celle\AppData\Roaming\0V1L2Z2Z1T1I1L1T, In Quarantäne, [b1557173ec9e60d6ed3764a0798a837d],

Dateien: 1
PUP.Optional.OmigaPlus.A, C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser, In Quarantäne, [927420c490fa9a9c315a8316ea1a0cf4],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Celle · 20.07.2015, 22:54

# Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.07.2015
Suchlauf-Zeit: 22:49:42
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.20.06
Rootkit Datenbank: v2015.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Celle

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 434050
Verstrichene Zeit: 27 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 77
PUP.Optional.PCPerformer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}, In Quarantäne, [739320c46327d85e64a48e37d13101ff],
PUP.Optional.PCPerformer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}, In Quarantäne, [739320c46327d85e64a48e37d13101ff],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [3bcbac388efcce68d2542d651ce8cd33],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [fb0b36ae8109d660ec38b3df838114ec],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [ae58e5ff246666d0a28281111de79a66],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [92743ba93c4e0e2865c1d6bcee167c84],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [2adc28bc0e7cf73f7ea8464ce024f20e],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [c93d16ce701ac86e7ea6eaa81de7d030],
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\WOW6432NODE\MediaWatchV1, In Quarantäne, [64a2e9fb2d5d77bf4d59475031d3a15f],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [996db0349bef83b371b50d852ed650b0],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [d135895be6a4d363e044bad84cb8c43c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [6b9bd3110a8078bed450880a768e27d9],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [39cdd311e0aacb6bdc4ab6dcff05cd33],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [5da933b105852a0c1313b9d974904eb2],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC7ACA07-F644-483E-8991-E9D894F39EFB}, In Quarantäne, [ed196183f99135010e18ade5010302fe],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0A7F8A7-989D-454D-B3B3-9447365D692F}, In Quarantäne, [ae58a53fcdbd7db9fc29c3cf25df5ea2],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F06CC798-2689-4181-9BC9-784CFBC2A1A5}, In Quarantäne, [050170747a105ed89b89eea4a064cc34],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [62a41bc99febcb6bba6a731fd034d22e],
PUP.Optional.FileScout.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\FileScout, In Quarantäne, [cb3bd80c1f6bbf7703030d8ac044d927],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}, In Quarantäne, [34d2568e325848ee20027220e4206b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}, In Quarantäne, [0501766e7f0b69cd160c197951b39c64],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}, In Quarantäne, [c0460adad1b9e650fe257a189b6960a0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}, In Quarantäne, [d92da3415337d561fc27821040c49868],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}, In Quarantäne, [699d00e43c4ebc7a8d95a4ee2ada52ae],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}, In Quarantäne, [0afceafa4842fb3b76acabe7768ecc34],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}, In Quarantäne, [dc2ad90b246689ad3ee5306258ac28d8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}, In Quarantäne, [47bfb3310882d6601210eea4996bfc04],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}, In Quarantäne, [6c9ae103335762d459c9335f8f756e92],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}, In Quarantäne, [a363667efa90290d57cc3d55cf3511ef],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}, In Quarantäne, [8a7c22c2197179bd5bc8801217edaa56],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}, In Quarantäne, [778f1fc52f5bfb3bdb477f1357ad6a96],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [56b039abf49668ce978ccdc5e123e020],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}, In Quarantäne, [a4626f755e2ce94d988b444e41c38a76],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}, In Quarantäne, [0402eef6c1c9f93d2ff3019163a1b54b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}, In Quarantäne, [aa5c974d810996a0f52d0290aa5a6e92],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [1beb3ea6b3d7bb7b3ee3eda53aca38c8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}, In Quarantäne, [43c3f2f2107a76c01211058dcf35ec14],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}, In Quarantäne, [02045a8ae4a685b1869ca6ec956fe61a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}, In Quarantäne, [eb1bdc08e0aa1224c3601c764fb58f71],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [5aace0047119181eb46df2a034d021df],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}, In Quarantäne, [dd2952924c3e89ad5dc5cdc56a9a3dc3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}, In Quarantäne, [c5417f65ee9c191d9f83e9a956ae8080],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}, In Quarantäne, [897dd50f3753f73ff231c4ce5ea6926e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [6d99a242d5b5e254d64df89a51b3dc24],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [27df6e767119c373ef344052ec1805fb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}, In Quarantäne, [3ec8eef6f7932c0a938fd2c0c63e966a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}, In Quarantäne, [85815b89f69476c031f21a780afac53b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [b05611d37e0c5bdb031e3b5745bf39c7],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}, In Quarantäne, [996dedf75d2d5ed86cb6484a54b0c63a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}, In Quarantäne, [0ff77173781247efa082454d39cb669a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}, In Quarantäne, [e224578dc5c50f270e15c9c9f3119b65],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}, In Quarantäne, [996ddc08b1d950e60a193c56ba4a55ab],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}, In Quarantäne, [56b0e8fc008aa59166bc2270966e34cc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}, In Quarantäne, [17ef39ab15750135af73177b56ae1ae6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}, In Quarantäne, [3fc7f8ec3c4eea4c91926230000427d9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}, In Quarantäne, [8680ba2a474364d29191f89abc486f91],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}, In Quarantäne, [838307dd35556dc9e43e5141f70d16ea],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}, In Quarantäne, [64a215cffe8c2f072cf7434f7e86fd03],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}, In Quarantäne, [a165b1332e5c2c0a0d16f1a105ffeb15],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}, In Quarantäne, [4abc598b5436a690ef33f39fb2529769],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A3D7DAD-3AF0-4B25-9DB7-1D7E4F4BF06D}, In Quarantäne, [0204d80cb7d356e058cbaee430d416ea],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}, In Quarantäne, [7096aa3acfbb181e6eb5f59dc53fa65a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}, In Quarantäne, [bc4aa143662473c3e9398a08788ce11f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}, In Quarantäne, [b74f1cc8e3a77fb7180a7121f3114ab6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216B64-8123-4812-AD07-3B57D7F3B5C4}, In Quarantäne, [ee18d21224668caa3be6a1f1cb39d729],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}, In Quarantäne, [c442c51f96f480b6a87bd8ba2ed68a76],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}, In Quarantäne, [f80e9e46c8c2181ef82aeba7f21250b0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}, In Quarantäne, [a95d875dbcce4beb40e31d759371fc04],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CEE78B1-0949-46D4-B59B-5E8EAD58EDA9}, In Quarantäne, [b84e1fc52466a88e938ebcd6a95bec14],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}, In Quarantäne, [c145994b9eec48ee01219bf7e1233ec2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}, In Quarantäne, [c0460ed653371422c35f99f9c1439769],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}, In Quarantäne, [95719f452367ef47e93a2c66d33135cb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C61FFDAD-BF99-43BE-A89B-7F55A4AC357F}, In Quarantäne, [4cba1dc7e1a9f73fe241167c30d49b65],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6C1DDF3-E949-4FC8-AE02-8A7B1909D489}, In Quarantäne, [1ee8c91bdab0ec4a36ed95fdf31104fc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}, In Quarantäne, [c4425b898bff6bcb75ad3062857f3fc1],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}, In Quarantäne, [6c9ae0047d0dce68ed3661315da77e82],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F102A07A-4502-4E54-BB9C-BAE4B067D2F9}, In Quarantäne, [6d99459f63270e28a47d97fb2ed6dc24],

Registrierungswerte: 73
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [3bcbac388efcce68d2542d651ce8cd33]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [fb0b36ae8109d660ec38b3df838114ec]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [ae58e5ff246666d0a28281111de79a66]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [92743ba93c4e0e2865c1d6bcee167c84]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [2adc28bc0e7cf73f7ea8464ce024f20e]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [c93d16ce701ac86e7ea6eaa81de7d030]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [996db0349bef83b371b50d852ed650b0]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [d135895be6a4d363e044bad84cb8c43c]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [6b9bd3110a8078bed450880a768e27d9]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [39cdd311e0aacb6bdc4ab6dcff05cd33]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [5da933b105852a0c1313b9d974904eb2]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cc7aca07-f644-483e-8991-e9d894f39efb}|AppName, Plus-HD-1.6-codedownloader.exe, In Quarantäne, [ed196183f99135010e18ade5010302fe]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e0a7f8a7-989d-454d-b3b3-9447365d692f}|AppName, Plus-HD-1.6-buttonutil.exe, In Quarantäne, [ae58a53fcdbd7db9fc29c3cf25df5ea2]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f06cc798-2689-4181-9bc9-784cfbc2a1a5}|AppName, Plus-HD-1.6-bg.exe, In Quarantäne, [050170747a105ed89b89eea4a064cc34]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [62a41bc99febcb6bba6a731fd034d22e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [34d2568e325848ee20027220e4206b95]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [0501766e7f0b69cd160c197951b39c64]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [c0460adad1b9e650fe257a189b6960a0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [d92da3415337d561fc27821040c49868]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [699d00e43c4ebc7a8d95a4ee2ada52ae]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [0afceafa4842fb3b76acabe7768ecc34]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [dc2ad90b246689ad3ee5306258ac28d8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [47bfb3310882d6601210eea4996bfc04]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [6c9ae103335762d459c9335f8f756e92]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [a363667efa90290d57cc3d55cf3511ef]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [8a7c22c2197179bd5bc8801217edaa56]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [778f1fc52f5bfb3bdb477f1357ad6a96]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [56b039abf49668ce978ccdc5e123e020]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [a4626f755e2ce94d988b444e41c38a76]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [0402eef6c1c9f93d2ff3019163a1b54b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [aa5c974d810996a0f52d0290aa5a6e92]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [1beb3ea6b3d7bb7b3ee3eda53aca38c8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [43c3f2f2107a76c01211058dcf35ec14]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [02045a8ae4a685b1869ca6ec956fe61a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [eb1bdc08e0aa1224c3601c764fb58f71]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [5aace0047119181eb46df2a034d021df]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [dd2952924c3e89ad5dc5cdc56a9a3dc3]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [c5417f65ee9c191d9f83e9a956ae8080]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [897dd50f3753f73ff231c4ce5ea6926e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [6d99a242d5b5e254d64df89a51b3dc24]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [27df6e767119c373ef344052ec1805fb]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [3ec8eef6f7932c0a938fd2c0c63e966a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [85815b89f69476c031f21a780afac53b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [b05611d37e0c5bdb031e3b5745bf39c7]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AFA7F3-122C-4549-9DC5-60203E9D4FB6}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [996dedf75d2d5ed86cb6484a54b0c63a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1D648768-FC46-400B-8AE6-4BE685F9C6B1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [0ff77173781247efa082454d39cb669a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2099F05C-FAE4-4C67-B334-A282BA3D1B43}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [e224578dc5c50f270e15c9c9f3119b65]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29DAB378-C78D-4247-A447-DC4E8B76CBB1}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [996ddc08b1d950e60a193c56ba4a55ab]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E68020F-E6AA-4932-9B6B-5F191F508919}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [56b0e8fc008aa59166bc2270966e34cc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2EDEDF7F-F449-4C2F-A0FF-2E74A0488F81}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [17ef39ab15750135af73177b56ae1ae6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A4EC15B-FD18-4181-8232-C1279CF7EEB2}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [3fc7f8ec3c4eea4c91926230000427d9]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43DF0F6F-2E4E-4DB9-B012-1BA5BF8AA857}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [8680ba2a474364d29191f89abc486f91]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47DF21CA-6B03-4949-A244-A0707F6E9B2F}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [838307dd35556dc9e43e5141f70d16ea]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B9685E3-80D4-4EC1-B07C-63D8B7AF863B}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [64a215cffe8c2f072cf7434f7e86fd03]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5874F8AB-3392-442F-9F47-355BF57F36BC}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [a165b1332e5c2c0a0d16f1a105ffeb15]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66DB5ED4-D8AC-41B3-A0CD-8F10824CA27D}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [4abc598b5436a690ef33f39fb2529769]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a3d7dad-3af0-4b25-9db7-1d7e4f4bf06d}|AppName, videos MediaPlay-Air-codedownloader.exe, In Quarantäne, [0204d80cb7d356e058cbaee430d416ea]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AAA09BB-71EA-409E-8969-78111B87D840}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [7096aa3acfbb181e6eb5f59dc53fa65a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71D5B60D-6F67-4E6A-BF80-F68973D9E9C2}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [bc4aa143662473c3e9398a08788ce11f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{772B428A-1424-48BE-AF62-F7A2EA60A12E}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [b74f1cc8e3a77fb7180a7121f3114ab6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79216b64-8123-4812-ad07-3b57d7f3b5c4}|AppName, Browsers Apps-bg.exe, In Quarantäne, [ee18d21224668caa3be6a1f1cb39d729]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AA7A049-5C49-4844-9CCE-AFEC5E5429BF}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [c442c51f96f480b6a87bd8ba2ed68a76]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E5927AD-21DB-4275-A057-171997B33D6A}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [f80e9e46c8c2181ef82aeba7f21250b0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{922B68FA-AA01-4B1A-8C13-159DED1A5853}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [a95d875dbcce4beb40e31d759371fc04]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cee78b1-0949-46d4-b59b-5e8ead58eda9}|AppName, Cinema-Plus-1.2-bg.exe, In Quarantäne, [b84e1fc52466a88e938ebcd6a95bec14]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A775B48B-43C2-41A1-9F27-F3CC8296B49C}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [c145994b9eec48ee01219bf7e1233ec2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF0A9122-BB54-4ED2-B5E5-3EFDACB035D0}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-buttonutil.exe, In Quarantäne, [c0460ed653371422c35f99f9c1439769]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B461E875-F72B-4E78-BC8E-6C9EB5FABACA}|AppName, afcc8666-d08e-4ab0-a0ff-79c55510f789-2.exe-codedownloader.exe, In Quarantäne, [95719f452367ef47e93a2c66d33135cb]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c61ffdad-bf99-43be-a89b-7f55a4ac357f}|AppName, Cinema-Plus-1.2-codedownloader.exe, In Quarantäne, [4cba1dc7e1a9f73fe241167c30d49b65]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c6c1ddf3-e949-4fc8-ae02-8a7b1909d489}|AppName, Browsers Apps-codedownloader.exe, In Quarantäne, [1ee8c91bdab0ec4a36ed95fdf31104fc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD0D6D3C-29A2-48FE-A2EF-A9BEA44C5928}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-buttonutil.exe, In Quarantäne, [c4425b898bff6bcb75ad3062857f3fc1]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB558F2E-B601-4DC9-AF50-C96447722E78}|AppName, 41f15ba2-5d0b-412b-81e8-80fe4a0746de-2.exe-codedownloader.exe, In Quarantäne, [6c9ae0047d0dce68ed3661315da77e82]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-153650677-751186265-679376906-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f102a07a-4502-4e54-bb9c-bae4b067d2f9}|AppName, videos MediaPlay-Air-bg.exe, In Quarantäne, [6d99459f63270e28a47d97fb2ed6dc24]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 2
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [24e20bd9f694e84e00d49e6541c252ae],
PUP.Optional.BundleInstaller.A, C:\Users\Celle\AppData\Roaming\0V1L2Z2Z1T1I1L1T, In Quarantäne, [b1557173ec9e60d6ed3764a0798a837d],

Dateien: 1
PUP.Optional.OmigaPlus.A, C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser, In Quarantäne, [927420c490fa9a9c315a8316ea1a0cf4],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

schrauber · 21.07.2015, 17:23

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Mozilla Firefox öffnet ständig Werbung und neue Tabs mit Werbung

Log-Analyse und Auswertung: Mozilla Firefox öffnet ständig Werbung und neue Tabs mit Werbung