| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PCWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.07.2015, 16:55
| #1 |
 |  PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Hallo Zusammen, Anti Malewarebyts hat bei mir einige Bedrohungen entdeckt. Ich habe mir das beim Download eines Programmes über einen Chip Link eingefangen! Seitdem öffnen sich ständig eigenständig Internetseiten und meine Startseite verstellt sich automatisch. ausserdem haben sich selbstständig Programme installiert wie: DoctoPDFCoverter oder AnyProtect Ich wäre über eure Hilfe sehr dankbar!!! Die Logfiles habe ich alle als Zip angehängt. Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:26 on 21/07/2015 (Christian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Geändert von Wiedchr (21.07.2015 um 17:01 Uhr) |
|
21.07.2015, 17:01
| #2 |
| /// the machine /// TB-Ausbilder    | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
21.07.2015, 17:41
| #3 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Gerne!
__________________Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 21.07.2015 Suchlaufzeit: 16:58 Protokolldatei: Malewarebyts.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.07.21.04 Rootkit-Datenbank: v2015.07.17.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Christian Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 406789 Abgelaufene Zeit: 30 Min., 0 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 7 PUP.Optional.WordSurfer.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe, 8752, , [6dfb578d7a1034024b0fa2c99b6a27d9] PUP.Optional.WProtectManager.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 2968, , [c3a51cc83852b3832fb1f278b055ed13] PUP.Optional.XTab.A, C:\Program Files (x86)\MiuiTab\ProtectService.exe, 8960, , [79eff8ec2b5f122467a3481468999070] PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp, 7832, , [194f657f2a60ac8af941b9e3a75d639d] PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp, 7036, , [194f657f2a60ac8af941b9e3a75d639d] PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\CmdShell.exe, 8940, , [a0c8faeab6d4f14530c61fe5d82bcc34] PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\HPNotify.exe, 9040, , [a0c8faeab6d4f14530c61fe5d82bcc34] Module: 9 PUP.Optional.Browserwatch, C:\Program Files (x86)\MiuiTab\BrowerWatchFF.dll, , [4b1d994bcac0f73fdfffa07e57aef10f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\BrowserAction.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\IeWatchDog.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], Registrierungsschlüssel: 52 PUP.Optional.WordSurfer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsasvc_1.10.0.19, , [6dfb578d7a1034024b0fa2c99b6a27d9], PUP.Optional.WProtectManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [c3a51cc83852b3832fb1f278b055ed13], PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [79eff8ec2b5f122467a3481468999070], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.SupTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.WordSurfer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WordSurfer_1.10.0.19, , [a4c4c61e8dfd2f073a20a1ca49bc738d], PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gytehucu, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zejytose, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [b4b45b890585d6602697d8b349bb867a], PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, , [590f9f45f8929c9aff918f79a85b07f9], PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, , [1d4b7c687e0cff3799097594c93a916f], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [462209db4d3d092d35f97c9edc2747b9], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [a1c7f0f427631224238c8ec241c235cb], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [392f09db84061620086860ce996ab848], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [cc9c19cb296160d646bbc3bc4db759a7], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, , [88e0964e48426acc36b484929271dd23], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [0a5edc08434790a60bb265264bb925db], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [095fb62eb4d6ad8940d122f2a95ad42c], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [92d62eb69bef47ef001044d0b94a35cb], PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [a8c07470a7e30d29ba86a1eb58ac3cc4], PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [4028e7fdf595c57197fd140d63a0758b], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [0b5d697b9ded9d997e91ad676c97c33d], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [4e1a0ed62268f14551b565c8f013cf31], PUP.Optional.WordSurfer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsafd_1_10_0_19, , [3731677d800a20164fb7cad2c83c29d7], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [cd9b9f454248a3939447e43fd3304eb2], PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\AskPartnerNetwork, , [2642ebf9fc8eff370c83b94f25de718f], PUP.Optional.HomeTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\HomeTab, , [99cf1acab8d264d23fbb4eede81bf60a], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\SearchProtectWS, , [135502e225653303cd4662b215eed32d], PUP.Optional.TNT.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\TNT2, , [3a2ed0142a606bcb64594dc80cf731cf], PUP.Optional.Wajam.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\WajIEnhance, , [3038984c90fac076e5db76a531d219e7], PUP.Optional.Wajam.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\WajIntEnhance, , [4b1dc420494182b42cbf9f77a65d9070], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [2b3d7371a1e9be78bc002962e51fca36], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, , [fd6bebf9ed9d0333279596f5e321bf41], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [05634b99256555e1dede4b40ff05fc04], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, , [e682edf7ccbe1323edcf701bd72de020], PUP.Optional.Iminent.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [85e3f1f3721843f32c8b27e9c2418c74], PUP.Optional.Iminent.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [1f49855f75154ee88f29c24e5fa46898], PUP.Optional.Linkey.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [6701e301f69491a537820808cf342fd1], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [a6c29a4a1575af87fefe69262dd733cd], PUP.Optional.Vosteran.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [1f496e768efc54e29525759ba55e8977], PUP.Optional.Wajam.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [79efd2124743d56119a21ef25fa48c74], PUP.Optional.HomeTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\SIMPLYTECH\HomeTab, , [d098925243478caa15f425287b88748c], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\istartsurf uninstall, , [6ff9f1f36e1cd85e35f15893c042a15f], Registrierungswerte: 17 PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, , [b4b45b890585d6602697d8b349bb867a] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, , [5a0e4c981377b87e536a206b6a9a08f8] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, , [0a5edc08434790a60bb265264bb925db] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, , [94d4c4204545dc5afcc15338c93bb848] PUP.Optional.Package.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Update, C:\Users\Christian\AppData\Roaming\ASPackage\ASPackage.exe /runonce, , [75f313d196f4e74fc309a6ea4db74fb1] PUP.Optional.DeskCut.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|deskCutv2@gmail.com, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com, , [0761e8fc6e1c9d99aed043c3a261a060] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, face, , [4e1a0ed62268f14551b565c8f013cf31] PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsasvc_1.10.0.19|ImagePath, "C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe", , [b0b84e965337cb6b21fd8012b64ea25e] PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gytehucu|ImagePath, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp, , [bfa9fee6672368ce5670880322e250b0] PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zejytose|ImagePath, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp, , [1b4d954f8802b87e46812962c0441ce4] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms}, , [2b3d7371a1e9be78bc002962e51fca36] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms}, , [fd6bebf9ed9d0333279596f5e321bf41] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.istartsurf.com//favicon.ico, , [0464cc18523891a50fad4e3d13f1e11f] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, , [05634b99256555e1dede4b40ff05fc04] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms}, , [4a1e09db1773dc5a7a42b9d250b4827e] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, , [e3854a9af19925110cb01972c63e718f] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms}, , [e682edf7ccbe1323edcf701bd72de020] Registrierungsdaten: 18 PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[0d5b07ddd3b7d95d02526cc0d233d52b] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[a3c5568e2a60b08624310923f015f907] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),,[3c2cc3216a20b48243cd9d8eed1846ba] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[0e5a8361e2a8053158b8a289b05545bb] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[83e5bd275b2fcd6998789b90996c02fe] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),,[fb6d30b4aedcf83e23ed29020bfad52b] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[1b4d24c0ef9b4bebfe8fcf670cf9e21e] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[4d1b697bfa903df9e56f2a0253b28d73] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[b4b45a8ae9a17eb8d97c3bf1030250b0] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),,[3c2cf1f32a60e94d1bf5cc5f13f20bf5] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[77f1f7edd6b4cd69d937a5864eb76898] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[3731697b89018ea819f79299fe07867a] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),,[600838acaae0ae88b35d85a60afb5aa6] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[1c4cc0242367082e4a439b9b85800ef2] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[234527bdafdb191d838bbc6fb94c11ef] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),,[a9bffce8d6b4c175ac6255d614f13bc5] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),,[bbaddc08ef9bed4929e50823ad58aa56] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),,[8ddb4b9996f4360069a5df4c0ff60000] Ordner: 81 PUP.Optional.Convert, C:\Users\Christian\AppData\Roaming\PDFConvert, , [056307dd9cee78be54f46533966e15eb], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [b7b18a5a64262b0bd31614d237cb649c], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [b7b18a5a64262b0bd31614d237cb649c], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [6afe0cd8a2e871c588679d5dad5522de], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [6afe0cd8a2e871c588679d5dad5522de], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup, , [76f2b1332d5d04327373ee127093e51b], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\installer, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\language, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\logs, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\scan_results, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\swf, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx, , [0662984c0b7f092d9c560ef6c142e31d], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\image, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\en-US, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-419, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-ES, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-BE, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CA, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CH, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-FR, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-LU, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-CH, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-IT, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pl, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt-BR, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru-MO, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\tr-TR, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\vi-VI, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-CN, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-TW, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pl, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\tr, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\vi, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults\preferences, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Service, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Update, , [d29626bebbcf9d9902a3501c55b01be5], Dateien: 214 PUP.Optional.WordSurfer.A, C:\WINDOWS\SYSTEM32\drivers\wsafd_1_10_0_19.sys, , [379d24e9b28bff6a9c2de9656aa03e05], PUP.Optional.WordSurfer.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe, , [6dfb578d7a1034024b0fa2c99b6a27d9], PUP.Optional.WProtectManager.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [c3a51cc83852b3832fb1f278b055ed13], PUP.Optional.XTab.A, C:\Program Files (x86)\MiuiTab\ProtectService.exe, , [79eff8ec2b5f122467a3481468999070], PUP.Optional.Browserwatch, C:\Program Files (x86)\MiuiTab\BrowerWatchFF.dll, , [4b1d994bcac0f73fdfffa07e57aef10f], PUP.Optional.SupTab.A, C:\Program Files (x86)\MiuiTab\SupTab.dll, , [0563d60e731740f694ab88fb40c2e020], PUP.Optional.WordSurfer.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Uninstall.exe, , [a4c4c61e8dfd2f073a20a1ca49bc738d], PUP.Optional.Browserwatch, C:\Program Files (x86)\MiuiTab\BrowerWatchCH.dll, , [72f6687c800aff3716c8120c50b5ed13], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Local\Temp\nsw373E.tmp, , [83e5fee62367ea4c0d019bcd5baa758b], PUP.Optional.WProtectManager.A, C:\Users\Christian\AppData\Local\Temp\xtmp14826038\tmp\wpm_v20.0.0.2290.exe, , [89df519337534aec02deaebcff06dd23], PUP.Optional.Browserwatch, C:\Users\Christian\AppData\Local\Temp\xtmp14826038\tmp\XTab_Setup(2673).exe, , [85e3a93bb7d391a588563ae4ca3b2dd3], PUP.Optional.AnyProtect, C:\Users\Christian\AppData\Local\nss1E17.tmp, , [e7818b5918724aec2743f983ce34d32d], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\searchplugins\istartsurf.xml, , [fc6ca2425e2c3bfbb8ad71be808334cc], PUP.Optional.Vitruvian.A, C:\Users\Christian\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, , [95d37c68345644f2e583a6e03dc7c739], PUP.Optional.Vitruvian.A, C:\Users\Christian\AppData\Local\Temp\vitruvian-installer-install-v0003, , [145411d3bad045f13434cdb91fe556aa], PUP.Optional.Vitruvian.A, C:\Users\Christian\AppData\Local\Temp\vitruvian-installer-processes-v0002, , [fa6e71737a1003330d5b582e2ada54ac], PUP.Optional.Vitruvian.A, C:\Users\Christian\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, , [9ccca63ec1c9b58186e23056e51f1ee2], PUP.Optional.Convert, C:\Users\Christian\AppData\Roaming\PDFConvert\tosty.dat, , [056307dd9cee78be54f46533966e15eb], PUP.Optional.Convert, C:\Users\Christian\AppData\Roaming\PDFConvert\SWUpdate.exe, , [056307dd9cee78be54f46533966e15eb], PUP.Optional.WinKit, C:\Windows\System32\Tasks\WinKit, , [eb7d93516e1c9d9965e4e9af22e2c43c], PUP.Optional.Winsta, C:\Windows\System32\Tasks\Winsta Update, , [2642d50fddad4cea93b7f7a115ef7b85], PUP.Optional.WordSurfer.A, C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core, , [4226f1f398f258dee51dcdcfc4407a86], PUP.Optional.WordSurfer.A, C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update, , [87e1796ba6e4e254f60cdcc0689c2bd5], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\rnsj16E8.exe, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\Uninstall.exe, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\vnsjF922.tmp, , [194f657f2a60ac8af941b9e3a75d639d], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [b7b18a5a64262b0bd31614d237cb649c], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\478.json, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\MessageBox.xml, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\uninstallDlg2.xml, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\UninstallManager.exe, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\bg.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\bg1.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\bk_shadow.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\button.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\button1.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\checkbox.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\checkbox_select.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\checked.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\close.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\loading_bg.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\loading_light.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\min.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\scrollbar.bmp, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\Thumbs.db, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\unchecked.png, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code\code1.jpg, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code\code2.jpg, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code\code3.jpg, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code\code4.jpg, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code\code5.jpg, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code\code6.jpg, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\istartsurf\images\code\Thumbs.db, , [6ff9f1f36e1cd85e35f15893c042a15f], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup\AnyProtect.lnk, , [76f2b1332d5d04327373ee127093e51b], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup\Uninstall.lnk, , [76f2b1332d5d04327373ee127093e51b], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\installer\ab.test.json, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\installer\tempfile.t, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\swf\mov01.swf, , [77f116ce850561d5b13628d870935ba5], PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\product.guid, , [0662984c0b7f092d9c560ef6c142e31d], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\BrowserAction.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\CmdShell.exe, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\conf, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\defsearchp@gmail.com!1.0.0.1039.xpi, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\HPNotify.exe, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\IeWatchDog.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\install.data, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\searchProvider.xml, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\uninstall.exe, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\about.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\about_bk.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\btn.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\btn_apply.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\close.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\conf.xml, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\conf_back.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\input_bk.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\logo.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\main.xml, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\radio_1.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\radio_2.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\rigth_arrow.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\settings.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\data.html, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\indexIE.html, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\indexIE8.html, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\main.css, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\ver.txt, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\google_trends.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\icon128.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\icon16.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\icon48.png, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\loading.gif, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\logo32.ico, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\common.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\ga.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\jquery-1.11.0.min.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\jquery.autocomplete.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\jquery.xdomainrequest.min.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\js.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\library.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\xagainit-ie8.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\xagainit2.0.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\xdomain.min.js, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\en-US\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-419\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-ES\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-BE\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CA\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CH\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-FR\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-LU\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-CH\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-IT\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pl\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt-BR\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru-MO\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\tr-TR\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\vi-VI\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-CN\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-TW\messages.json, , [a0c8faeab6d4f14530c61fe5d82bcc34], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\domain, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\expirationDate, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\hotsearch, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\hotsearch_uptime, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\name, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\path, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\set_country, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\set_z, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\TABts, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\uid, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\url, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\_ver, , [2a3e588c325873c3ab043cc91be8b54b], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome.manifest, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\install.rdf, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\index.html, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.xul, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\speed_dial.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\about_blank_hook.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\misc.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\popup_image_helper.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\urlrequestor.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\doT.min.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\hotSearch.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\mostgrid.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\search.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\stat.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\common.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\ga.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\xagainit.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pl\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\tr\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\vi\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW\locale.properties, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\default_logo.png, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\googlelogo.png, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\google_trends.png, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\icon.png, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\loading.gif, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\logo.png, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\luck.png, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\newtab.ico, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\simple.css, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\style.css, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults\preferences\fvd.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults\preferences\preferences.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\addonmanager.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\aes.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\config.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\dialogs.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\last_tab.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\misc.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\properties.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\remoterequest.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\restoreprefs.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\settings.js, , [3533e9fb2a6040f61d2213f37291be42], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\terms-of-service.rtf, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses\buildcrx-license.txt, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses\Info-ZIP-license.txt, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses\JSON-simple-license.txt, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses\nsJSON-license.txt, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses\Nustache-license.txt, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses\TaskScheduler-license.txt, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\3rd Party Licenses\UAC-license.txt, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\Microsoft.Win32.TaskScheduler.dll, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\Nustache.Core.dll, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.Vitruvian.A, C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe.config, , [d29626bebbcf9d9902a3501c55b01be5], PUP.Optional.QuickStart.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), ,[ed7b43a13159db5bcacd5b13dd2829d7] PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "istartsurf");), ,[1f493ea6c1c961d5a609d599c342b14f] PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "istartsurf");), ,[590f499b0f7b93a387298ee0788deb15] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
|
21.07.2015, 17:42
| #4 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PCCode:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-21 17:47:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: lwx3kwsc.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\ugdiapog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNEL32.dll!GetFileAttributesExW 0000000075c4452c 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNEL32.dll!GetModuleFileNameW 0000000075c44908 6 bytes JMP 71af000a
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075f82ca4 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!CreateDirectoryW 0000000075f8924e 6 bytes {JMP QWORD [RIP+0x718f001e]}
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!RemoveDirectoryW 0000000075f893b1 6 bytes {JMP QWORD [RIP+0x718c001e]}
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!SetFileAttributesW 0000000075f89913 6 bytes {JMP QWORD [RIP+0x7183001e]}
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!GetFileAttributesW 0000000075f89aa5 6 bytes JMP 718a000a
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!GetFileAttributesExW 0000000075f89b5c 6 bytes JMP 7187000a
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000075f89c6c 6 bytes JMP 7193000a
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!FindFirstFileW 0000000075f8abfb 6 bytes {JMP QWORD [RIP+0x717d001e]}
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!CreateFileW 0000000075f8c29f 6 bytes JMP 7196000a
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!GetTokenInformation 0000000075f8ca1f 6 bytes JMP 7199000a
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!GetFileSecurityW 0000000075f8dbd9 6 bytes {JMP QWORD [RIP+0x7180001e]}
.text C:\Program Files (x86)\MediaMall\MediaMallServer.exe[2088] C:\windows\syswow64\KERNELBASE.dll!CheckTokenMembership 0000000075f8e735 6 bytes {JMP QWORD [RIP+0x719b001e]}
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f61401 2 bytes JMP 75c6b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f61419 2 bytes JMP 75c6b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f61431 2 bytes JMP 75ce8f29 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f6144a 2 bytes CALL 75c4489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f614dd 2 bytes JMP 75ce8822 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f614f5 2 bytes JMP 75ce89f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f6150d 2 bytes JMP 75ce8718 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f61525 2 bytes JMP 75ce8ae2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f6153d 2 bytes JMP 75c5fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f61555 2 bytes JMP 75c668ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f6156d 2 bytes JMP 75ce8fe3 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f61585 2 bytes JMP 75ce8b42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f6159d 2 bytes JMP 75ce86dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f615b5 2 bytes JMP 75c5fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f615cd 2 bytes JMP 75c6b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f616b2 2 bytes JMP 75ce8ea4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5480] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f616bd 2 bytes JMP 75ce8671 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075f61401 2 bytes JMP 75c6b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075f61419 2 bytes JMP 75c6b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075f61431 2 bytes JMP 75ce8f29 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075f6144a 2 bytes CALL 75c4489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075f614dd 2 bytes JMP 75ce8822 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f614f5 2 bytes JMP 75ce89f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075f6150d 2 bytes JMP 75ce8718 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f61525 2 bytes JMP 75ce8ae2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075f6153d 2 bytes JMP 75c5fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075f61555 2 bytes JMP 75c668ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075f6156d 2 bytes JMP 75ce8fe3 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075f61585 2 bytes JMP 75ce8b42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075f6159d 2 bytes JMP 75ce86dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075f615b5 2 bytes JMP 75c5fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075f615cd 2 bytes JMP 75c6b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075f616b2 2 bytes JMP 75ce8ea4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp[7036] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075f616bd 2 bytes JMP 75ce8671 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f61401 2 bytes JMP 75c6b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f61419 2 bytes JMP 75c6b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f61431 2 bytes JMP 75ce8f29 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f6144a 2 bytes CALL 75c4489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f614dd 2 bytes JMP 75ce8822 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f614f5 2 bytes JMP 75ce89f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f6150d 2 bytes JMP 75ce8718 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f61525 2 bytes JMP 75ce8ae2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f6153d 2 bytes JMP 75c5fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f61555 2 bytes JMP 75c668ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f6156d 2 bytes JMP 75ce8fe3 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f61585 2 bytes JMP 75ce8b42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f6159d 2 bytes JMP 75ce86dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f615b5 2 bytes JMP 75c5fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f615cd 2 bytes JMP 75c6b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f616b2 2 bytes JMP 75ce8ea4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe[8752] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f616bd 2 bytes JMP 75ce8671 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f61401 2 bytes JMP 75c6b21b C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f61419 2 bytes JMP 75c6b346 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f61431 2 bytes JMP 75ce8f29 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f6144a 2 bytes CALL 75c4489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f614dd 2 bytes JMP 75ce8822 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f614f5 2 bytes JMP 75ce89f8 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f6150d 2 bytes JMP 75ce8718 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f61525 2 bytes JMP 75ce8ae2 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f6153d 2 bytes JMP 75c5fca8 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f61555 2 bytes JMP 75c668ef C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f6156d 2 bytes JMP 75ce8fe3 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f61585 2 bytes JMP 75ce8b42 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f6159d 2 bytes JMP 75ce86dc C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f615b5 2 bytes JMP 75c5fd41 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f615cd 2 bytes JMP 75c6b2dc C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f616b2 2 bytes JMP 75ce8ea4 C:\windows\syswow64\kernel32.dll
.text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2968] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f616bd 2 bytes JMP 75ce8671 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f61401 2 bytes JMP 75c6b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f61419 2 bytes JMP 75c6b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f61431 2 bytes JMP 75ce8f29 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f6144a 2 bytes CALL 75c4489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f614dd 2 bytes JMP 75ce8822 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f614f5 2 bytes JMP 75ce89f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f6150d 2 bytes JMP 75ce8718 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f61525 2 bytes JMP 75ce8ae2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f6153d 2 bytes JMP 75c5fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f61555 2 bytes JMP 75c668ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f6156d 2 bytes JMP 75ce8fe3 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f61585 2 bytes JMP 75ce8b42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f6159d 2 bytes JMP 75ce86dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f615b5 2 bytes JMP 75c5fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f615cd 2 bytes JMP 75c6b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f616b2 2 bytes JMP 75ce8ea4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\ProtectService.exe[8960] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f616bd 2 bytes JMP 75ce8671 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f61401 2 bytes JMP 75c6b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f61419 2 bytes JMP 75c6b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f61431 2 bytes JMP 75ce8f29 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f6144a 2 bytes CALL 75c4489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f614dd 2 bytes JMP 75ce8822 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f614f5 2 bytes JMP 75ce89f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f6150d 2 bytes JMP 75ce8718 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f61525 2 bytes JMP 75ce8ae2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f6153d 2 bytes JMP 75c5fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f61555 2 bytes JMP 75c668ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f6156d 2 bytes JMP 75ce8fe3 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f61585 2 bytes JMP 75ce8b42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f6159d 2 bytes JMP 75ce86dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f615b5 2 bytes JMP 75c5fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f615cd 2 bytes JMP 75c6b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f616b2 2 bytes JMP 75ce8ea4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\MiuiTab\HPNotify.exe[9040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f616bd 2 bytes JMP 75ce8671 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f61401 2 bytes JMP 75c6b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f61419 2 bytes JMP 75c6b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f61431 2 bytes JMP 75ce8f29 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f6144a 2 bytes CALL 75c4489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f614dd 2 bytes JMP 75ce8822 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f614f5 2 bytes JMP 75ce89f8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f6150d 2 bytes JMP 75ce8718 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f61525 2 bytes JMP 75ce8ae2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f6153d 2 bytes JMP 75c5fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f61555 2 bytes JMP 75c668ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f6156d 2 bytes JMP 75ce8fe3 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f61585 2 bytes JMP 75ce8b42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f6159d 2 bytes JMP 75ce86dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f615b5 2 bytes JMP 75c5fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f615cd 2 bytes JMP 75c6b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f616b2 2 bytes JMP 75ce8ea4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp[7832] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f616bd 2 bytes JMP 75ce8671 C:\windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5644:6820] 000007fefb9bf5f8
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [5644:6828] 000007fef9d0bc60
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [5660:5992] 000007feefa93e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [5660:6124] 000007feefa93e0c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [5660:5068] 000007fef9d0bc60
---- Processes - GMER 2.1 ----
Library c:\users\christ~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphsms3o.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-07-21 07:00:48) 0000000004ed0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000005c8e0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005f70000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000005b900000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005b610000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-03-04 21:45:30) 000000005c510000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000059fa0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000058e30000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000058a00000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000587a0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000058c80000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-03-04 21:45:30) 0000000058c70000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000058c20000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000056e00000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000056c90000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-03-04 21:45:30) 0000000056ba0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-03-04 21:45:30) 0000000058750000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-03-04 21:45:30) 00000000732b0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-03-04 21:45:30) 00000000731f0000
Library C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [416](2015-03-04 21:45:30) 00000000731e0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@SoundTouch\x2122 20 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DB5930AF-592B-4C89-B79E-D593EF542314}\Connection@Name isatap.{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{582AB1DB-9B78-406B-B131-C1C097CAFA37}?\Device\{DB5930AF-592B-4C89-B79E-D593EF542314}?\Device\{362AA6DE-68BC-4737-990B-F885AA4F6C36}?\Device\{DBA66C0B-C46F-46CC-8EA9-B472206EA5FE}?\Device\{28B2FC3A-8718-40FC-B478-CDADE93D7E11}?\Device\{0B458FB3-9554-4EDF-91A9-4FCE3776DEC6}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{582AB1DB-9B78-406B-B131-C1C097CAFA37}"?"{DB5930AF-592B-4C89-B79E-D593EF542314}"?"{362AA6DE-68BC-4737-990B-F885AA4F6C36}"?"{DBA66C0B-C46F-46CC-8EA9-B472206EA5FE}"?"{28B2FC3A-8718-40FC-B478-CDADE93D7E11}"?"{0B458FB3-9554-4EDF-91A9-4FCE3776DEC6}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{582AB1DB-9B78-406B-B131-C1C097CAFA37}?\Device\TCPIP6TUNNEL_{DB5930AF-592B-4C89-B79E-D593EF542314}?\Device\TCPIP6TUNNEL_{362AA6DE-68BC-4737-990B-F885AA4F6C36}?\Device\TCPIP6TUNNEL_{DBA66C0B-C46F-46CC-8EA9-B472206EA5FE}?\Device\TCPIP6TUNNEL_{28B2FC3A-8718-40FC-B478-CDADE93D7E11}?\Device\TCPIP6TUNNEL_{0B458FB3-9554-4EDF-91A9-4FCE3776DEC6}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3c77e6cccfa1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3c77e6cccfa1@000c8a650958 0x57 0x35 0x1B 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DB5930AF-592B-4C89-B79E-D593EF542314}@InterfaceName isatap.{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DB5930AF-592B-4C89-B79E-D593EF542314}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@SoundTouch\x2122 20 1?
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3c77e6cccfa1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3c77e6cccfa1@000c8a650958 0x57 0x35 0x1B 0xEE ...
---- EOF - GMER 2.1 ----
|
|
21.07.2015, 17:44
| #5 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PCCode:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015 Ran by Christian (administrator) on CW-NOTEBOOK on 21-07-2015 17:29:55 Running from C:\Users\Christian\Downloads Loaded Profiles: Christian & (Available Profiles: Christian) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Esker S.A.) C:\Program Files (x86)\Esker\Common\ESLCBcst.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (HP) C:\Windows\System32\HPSIsvc.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (hxxp://shotty.devs-on.net) C:\Program Files\Shotty\Shotty.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Microsoft Corporation) C:\Windows\splwow64.exe () C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp (Word Surfer) C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe (DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe (SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe (XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe (Esker S. A.) C:\Program Files (x86)\Esker\SmarTerm\STOFFICE.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-07-22] (Broadcom Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-11-22] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-09-30] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-11-22] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-09-09] (Intel Corporation) HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard) HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2013-11-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [DR-C125 CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe [892928 2011-06-03] (Canon Electronics Inc.) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RAM_DEFRAG] => [X] HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.) HKLM-x32\...\RunOnce: [Update] => C:\Users\Christian\AppData\Roaming\ASPackage\ASPackage.exe /runonce Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Run: [Shotty] => C:\Program Files\Shotty\Shotty.exe [724480 2013-11-24] (hxxp://shotty.devs-on.net) HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd) HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Run: [Dropbox Update] => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Shotty] => C:\Program Files\Shotty\Shotty.exe [724480 2013-11-24] (hxxp://shotty.devs-on.net) HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd) HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-11-03] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-16] ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2014-09-27] (MediaMall Technologies, Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-16] (Thinkgood Co. Limited) BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2014-09-27] (MediaMall Technologies, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2014-09-27] (MediaMall Technologies, Inc.) Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2014-09-27] (MediaMall Technologies, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{B9459966-CA3A-49A1-AF3E-0C4E12084836}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [DhcpNameServer] 192.168.1.254 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 FireFox: ======== FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: istartsurf FF SelectedSearchEngine: istartsurf FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-21] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-21] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-22] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-22] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2014-09-27] (MediaMall Technologies, Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-07-20] (Digital Persona, Inc.) FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\searchplugins\ecosia.xml [2014-09-16] FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\searchplugins\istartsurf.xml [2015-07-21] FF Extension: Disconnect - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\2.0@disconnect.me [2015-03-04] FF Extension: Disconnect Search - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\search@disconnect.me [2015-03-04] FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\artur.dubovoy@gmail.com [2015-05-29] FF Extension: Default SearchProtected - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\defsearchp@gmail.com [2015-07-21] FF Extension: deskCut - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\deskCutv2@gmail.com [2015-07-21] FF Extension: PlayOn - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\playonplugin@playon.tv [2014-09-08] FF Extension: Video DownloadHelper - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-18] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-11-22] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2014-01-10] FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com FF HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314 Chrome: ======= CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\default CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-07-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2013-11-22] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2013-11-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2013-11-22] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2013-11-22] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) S3 Disconnect Desktop Updater; C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-02-27] (Disconnect) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.) R2 EskerLicenseControl; C:\Program Files (x86)\Esker\Common\eslcbcst.exe [315479 2008-08-25] (Esker S.A.) [File not signed] S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R2 gytehucu; C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp [334848 2015-07-21] () [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company) R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG) R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-01-27] (Infineon Technologies AG) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-11] (Intel Corporation) R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-07-16] (XTab system) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-22] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-22] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5826352 2014-11-24] (MediaMall Technologies, Inc.) S3 OpenVPNService; C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project) S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc) R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-01-27] (Infineon Technologies AG) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-21] (DTools LIMITED) <==== ATTENTION R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-07-22] (Broadcom Corporation) [File not signed] R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-16] (Word Surfer) R2 zejytose; C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp [199168 2015-07-21] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2013-11-22] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2013-11-22] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-09-09] (Broadcom Corporation.) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed] S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company) S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated) S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated) S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated) R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.) R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus) R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed] S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed] S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [14000 2008-07-08] (Microsoft Corporation) [File not signed] R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [61312 2015-06-16] (Word Surfer) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-21 17:29 - 2015-07-21 17:30 - 00041670 _____ C:\Users\Christian\Downloads\FRST.txt 2015-07-21 17:28 - 2015-07-21 17:28 - 02135552 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe 2015-07-21 17:25 - 2015-07-21 17:25 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe 2015-07-21 16:45 - 2015-07-21 16:45 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-07-21 15:28 - 2015-07-21 15:28 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files\iTunes 2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files\iPod 2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-07-21 14:04 - 2015-07-21 14:04 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-07-21 14:04 - 2015-07-21 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-07-21 14:04 - 2015-07-21 14:04 - 00000000 ____D C:\Program Files (x86)\QuickTime 2015-07-21 13:07 - 2015-07-21 15:25 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx 2015-07-21 13:07 - 2015-07-21 13:07 - 00613255 _____ (CMI Limited) C:\Users\Christian\AppData\Local\nss1E17.tmp 2015-07-21 13:07 - 2015-07-21 13:07 - 00000000 __SHD C:\Users\Christian\AppData\Roaming\AnyProtectEx 2015-07-21 13:07 - 2015-07-21 13:07 - 00000000 ____D C:\Users\Christian\SupTab 2015-07-21 13:07 - 2015-07-21 13:07 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup 2015-07-21 13:05 - 2015-07-21 13:05 - 00003774 _____ C:\windows\System32\Tasks\Convertor 2015-07-21 13:05 - 2015-07-21 13:05 - 00003298 _____ C:\windows\System32\Tasks\Winsta Update 2015-07-21 13:05 - 2015-07-21 13:05 - 00003266 _____ C:\windows\System32\Tasks\WinKit 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\Users\Christian\AppData\Roaming\PDFConvert 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocToPDFConverter 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\Users\Christian\AppData\Roaming\DocToPDFConverter 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\ProgramData\WindowsMangerProtect 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\ProgramData\IHProtectUpDate 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\Program Files (x86)\Winsta 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\Program Files (x86)\MiuiTab 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 ____D C:\Program Files (x86)\Convertor 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 _____ C:\windows\prleth.sys 2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 _____ C:\windows\hgfs.sys 2015-07-21 13:04 - 2015-07-21 13:04 - 00004180 _____ C:\windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update 2015-07-21 13:04 - 2015-07-21 13:04 - 00004168 _____ C:\windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core 2015-07-21 13:04 - 2015-07-21 13:04 - 00000000 ____D C:\Users\Christian\AppData\Roaming\istartsurf 2015-07-21 13:04 - 2015-07-21 13:04 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19 2015-07-21 12:33 - 2015-07-21 12:33 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Opera Software 2015-07-21 12:33 - 2015-07-21 12:33 - 00000000 ____D C:\Users\Christian\AppData\Local\Opera Software 2015-07-21 12:32 - 2015-07-21 16:32 - 00000000 ____D C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B 2015-07-21 12:32 - 2015-07-21 12:36 - 00000000 ____D C:\Users\Christian\AppData\Roaming\ASPackage 2015-07-21 12:32 - 2015-07-21 12:35 - 00000000 ____D C:\Program Files (x86)\Opera 2015-07-21 12:30 - 2015-07-21 12:35 - 00000000 ____D C:\Program Files (x86)\eRightSoft 2015-07-21 12:30 - 2015-07-21 12:30 - 00000000 ____D C:\Users\Christian\Documents\eRightSoft 2015-07-21 12:30 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\windows\SysWOW64\pncrt.dll 2015-07-21 12:30 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\drvc.dll 2015-07-21 09:42 - 2015-07-21 12:11 - 2152198208 _____ C:\Users\Christian\Desktop\Wiedemann Image Film.mov 2015-07-20 13:23 - 2015-07-20 14:52 - 00158208 _____ C:\Users\Christian\Desktop\Kopie von bestellformular_hp_x-mas_2015_excel.xls 2015-07-20 13:03 - 2015-07-20 14:52 - 00168960 _____ C:\Users\Christian\Desktop\Kopie von bestellformular_wdw_2015_excel.xls 2015-07-16 14:35 - 2015-07-16 14:36 - 00000000 ____D C:\Users\Christian\Desktop\Wirtschaftspreis 2015-07-16 10:07 - 2015-07-16 13:06 - 00125980 _____ C:\Users\Christian\Desktop\Liquidtätsplan Kopie leer.xlsx 2015-07-16 08:53 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll 2015-07-16 08:53 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll 2015-07-16 08:53 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-07-16 08:53 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2015-07-16 08:53 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-07-16 08:53 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-07-16 08:53 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2015-07-16 08:53 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-07-16 08:53 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-07-16 08:53 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-07-16 08:53 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-07-16 08:53 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-07-16 08:53 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-07-16 08:53 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-07-16 08:53 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-07-16 08:53 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-07-16 08:53 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-07-16 08:53 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-07-16 08:53 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll 2015-07-16 08:53 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-07-16 08:53 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-07-16 08:53 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-07-16 08:53 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-07-16 08:53 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-07-16 08:53 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2015-07-16 08:53 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2015-07-16 08:53 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2015-07-16 08:53 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2015-07-16 08:53 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2015-07-16 08:53 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2015-07-16 08:53 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-07-16 08:53 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-07-16 08:53 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2015-07-16 08:53 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2015-07-16 08:53 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2015-07-16 08:53 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-07-16 08:53 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-07-16 08:53 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2015-07-16 08:53 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-07-16 08:53 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-07-16 08:53 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-07-16 08:53 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-07-16 08:53 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-07-16 08:53 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-07-16 08:53 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-07-16 08:53 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-07-16 08:53 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-07-16 08:53 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-07-16 08:53 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-07-16 08:53 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-07-16 08:53 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-07-16 08:53 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-07-16 08:53 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-07-16 08:53 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-07-16 08:53 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-07-16 08:53 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-07-16 08:53 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-07-16 08:53 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-07-16 08:53 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-07-16 08:53 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-07-16 08:53 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-07-16 08:53 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-07-16 08:53 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-07-16 08:53 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-07-16 08:53 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-07-16 08:53 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-07-16 08:53 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2015-07-16 08:53 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-07-16 08:53 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2015-07-16 08:53 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-07-16 08:53 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2015-07-16 08:53 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2015-07-16 08:53 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-07-16 08:53 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2015-07-16 08:53 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-07-16 08:53 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-07-16 08:53 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2015-07-16 08:53 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-07-16 08:53 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-07-16 08:53 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-07-16 08:53 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-07-16 08:53 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2015-07-16 08:53 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-07-16 08:53 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-07-16 08:53 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2015-07-16 08:53 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2015-07-16 08:53 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll 2015-07-16 08:53 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll 2015-07-16 08:52 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2015-07-16 08:52 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2015-07-16 08:52 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2015-07-16 08:52 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2015-07-16 08:52 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2015-07-16 08:52 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll 2015-07-16 08:52 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll 2015-07-16 08:52 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll 2015-07-16 08:52 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2015-07-16 08:52 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2015-07-16 08:52 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe 2015-07-16 08:52 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2015-07-16 08:52 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2015-07-16 08:52 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll 2015-07-16 08:52 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll 2015-07-16 08:52 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe 2015-07-16 08:52 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2015-07-16 08:52 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2015-07-16 08:52 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll 2015-07-16 08:52 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe 2015-07-16 08:52 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll 2015-07-16 08:52 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll 2015-07-14 22:31 - 2015-07-14 22:32 - 00000000 ____D C:\Users\Christian\Desktop\Männertour 2015 2015-07-14 21:59 - 2015-07-14 21:59 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2015-07-14 21:59 - 2015-07-14 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-07-14 21:59 - 2015-07-14 21:59 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-07-12 18:22 - 2015-07-12 18:22 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-07-10 09:59 - 2015-07-10 09:59 - 00000000 ____D C:\Users\Christian\Desktop\Skoda 2015-07-07 10:48 - 2015-07-07 10:48 - 00013204 _____ C:\Users\Christian\Desktop\Email BF stand 07.07.15.xlsx 2015-07-07 10:47 - 2015-07-07 10:47 - 00013204 _____ C:\Users\Christian\Documents\Email BF stand 07.07.15.xlsx 2015-07-07 10:26 - 2015-07-07 10:27 - 00000000 ____D C:\Users\Christian\Desktop\Musik Basti 2015-07-01 10:56 - 2015-07-01 10:56 - 00000240 _____ C:\Users\Christian\Desktop\Gemafreie Musik-CDs.lnk 2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Defrag 2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAM Defrag 2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\Program Files (x86)\RAM Defrag 2015-07-01 10:56 - 2006-06-04 18:33 - 00081920 _____ C:\windows\SysWOW64\GkSui20.EXE 2015-06-29 09:25 - 2015-06-29 09:25 - 00001002 _____ C:\Users\Public\Desktop\IrfanView.lnk 2015-06-29 09:22 - 2015-06-29 09:39 - 00000000 ____D C:\Users\Christian\Desktop\Fotos Sommerfest 2015-06-25 08:51 - 2015-06-25 08:51 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-21 17:30 - 2015-04-22 11:19 - 00000000 ____D C:\FRST 2015-07-21 17:19 - 2013-11-18 15:42 - 00000000 ____D C:\Users\Christian\AppData\Local\LogMeIn Hamachi 2015-07-21 16:54 - 2015-06-18 15:43 - 00001240 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA.job 2015-07-21 16:48 - 2014-09-16 09:42 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-21 16:45 - 2014-09-16 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-21 16:45 - 2014-09-16 09:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-07-21 16:37 - 2013-04-13 22:35 - 00703214 _____ C:\windows\system32\perfh007.dat 2015-07-21 16:37 - 2013-04-13 22:35 - 00150822 _____ C:\windows\system32\perfc007.dat 2015-07-21 16:37 - 2009-07-14 07:13 - 01629436 _____ C:\windows\system32\PerfStringBackup.INI 2015-07-21 15:28 - 2015-04-23 09:22 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-21 15:28 - 2013-11-22 16:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-07-21 14:05 - 2015-06-18 15:43 - 00001188 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core.job 2015-07-21 13:07 - 2013-11-18 13:07 - 00000000 ____D C:\Users\Christian 2015-07-21 13:04 - 2014-01-19 12:38 - 00001464 _____ C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-21 13:04 - 2013-11-18 15:18 - 00001463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-21 13:04 - 2013-11-18 13:11 - 00001737 _____ C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-21 09:39 - 2013-11-18 13:11 - 00003958 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{43550C9A-71F1-4A37-9F36-CF91E81C2D37} 2015-07-21 09:08 - 2013-11-03 04:05 - 01553946 ____N C:\windows\WindowsUpdate.log 2015-07-21 09:04 - 2009-07-14 06:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-21 09:04 - 2009-07-14 06:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-21 09:02 - 2013-11-27 10:09 - 00000000 ___RD C:\Users\Christian\Dropbox 2015-07-21 09:02 - 2013-11-27 09:55 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox 2015-07-21 09:02 - 2013-04-14 01:38 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-07-21 09:02 - 2013-04-14 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-21 09:02 - 2013-04-14 01:38 - 00003770 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-07-21 09:02 - 2013-04-14 01:38 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-07-21 08:57 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-07-20 16:43 - 2013-11-26 18:24 - 00000181 _____ C:\windows\setscan.ini 2015-07-20 14:35 - 2013-11-24 18:21 - 00003210 _____ C:\windows\System32\Tasks\HPCeeScheduleForChristian 2015-07-20 14:35 - 2013-11-24 18:21 - 00000348 _____ C:\windows\Tasks\HPCeeScheduleForChristian.job 2015-07-20 14:13 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2015-07-20 13:49 - 2015-06-18 15:43 - 00004218 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA 2015-07-20 13:49 - 2015-06-18 15:43 - 00003822 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core 2015-07-20 11:02 - 2013-11-21 17:11 - 00002036 ____H C:\Users\Christian\Documents\Default.rdp 2015-07-20 08:52 - 2013-11-21 16:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-07-16 19:31 - 2013-11-20 08:33 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-16 19:27 - 2013-11-18 15:40 - 00000000 ____D C:\windows\system32\MRT 2015-07-16 15:57 - 2014-07-30 15:24 - 00010240 _____ C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-07-16 08:54 - 2014-12-23 16:08 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-14 21:57 - 2014-09-08 15:57 - 00000000 ____D C:\ProgramData\MediaMall 2015-07-14 11:44 - 2013-12-04 10:07 - 00033856 ____H (LogMeIn, Inc.) C:\windows\system32\hamachi.sys 2015-07-14 08:34 - 2013-11-20 08:36 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log 2015-07-07 12:41 - 2014-01-20 09:52 - 32435718 _____ C:\PAGE.BMP 2015-07-07 12:41 - 2014-01-20 09:52 - 04061206 _____ C:\1BPP_0.BMP 2015-07-07 08:48 - 2013-11-25 22:14 - 00000000 ____D C:\Users\Public\Documents\Sonstigtes 2015-07-06 08:50 - 2013-11-18 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-03 16:18 - 2014-02-14 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-03 15:54 - 2013-11-25 22:14 - 00000000 ____D C:\Users\Public\Documents\Steuer 2015-07-03 08:43 - 2013-11-18 15:40 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-30 16:25 - 2014-08-25 12:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc 2015-06-23 17:14 - 2014-08-13 20:18 - 00000000 __SHD C:\Users\Christian\AppData\Local\EmieUserList 2015-06-23 17:14 - 2014-08-13 20:18 - 00000000 __SHD C:\Users\Christian\AppData\Local\EmieSiteList 2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2015-06-22 10:58 - 2015-05-20 14:41 - 00000000 _____ C:\DebugTraceNormal.log 2015-06-22 10:58 - 2015-05-20 14:38 - 00000000 ____D C:\Program Files (x86)\VideoViewer ==================== Files in the root of some directories ======= 2014-07-30 15:24 - 2015-07-16 15:57 - 0010240 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-07-21 13:07 - 2015-07-21 13:07 - 0613255 _____ (CMI Limited) C:\Users\Christian\AppData\Local\nss1E17.tmp 2014-12-09 17:42 - 2014-12-09 17:42 - 0000870 _____ () C:\Users\Christian\AppData\Local\recently-used.xbel Some files in TEMP: ==================== C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphsms3o.dll C:\Users\Christian\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-13 07:58 ==================== End of log ============================ |
|
21.07.2015, 17:45
| #6 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Christian at 2015-07-21 17:30:44
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-263877971-3702004810-1081422831-500 - Administrator - Disabled)
Christian (S-1-5-21-263877971-3702004810-1081422831-1001 - Administrator - Enabled) => C:\Users\Christian
Gast (S-1-5-21-263877971-3702004810-1081422831-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-263877971-3702004810-1081422831-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AstroConnect Software 5.5.1 (HKLM-x32\...\{684FA762-D9FD-4540-9EF8-CF1E216ABA2E}) (Version: 5.5.1 - AstroConnect)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.1.9.1580 - Avira)
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation)
Canon driver for DR-C125 (x64) (HKLM\...\{C37F594E-F7D0-4A1E-8AB3-6605D7D11C4B}) (Version: 1.0.4182 - Canon Electronics inc.)
CaptureOnTouch Evernote Plugin (HKLM-x32\...\{CE27CA2B-7663-4F6B-8E61-A455390AC71F}) (Version: 1.0.10511 - Canon Electronics Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ChefplanAddIn (HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\82D681645116BE764FBC66B0ED0179BA228F91E9) (Version: 1.1.0.61 - BBE Handelsberatung GmbH)
ChefplanAddIn (HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\82D681645116BE764FBC66B0ED0179BA228F91E9) (Version: 1.1.0.61 - BBE Handelsberatung GmbH)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
congstar Internet-Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Disconnect Desktop (HKLM-x32\...\Disconnect Desktop 1.0.5) (Version: 1.0.5 - Disconnect)
Disconnect Desktop (x32 Version: 1.0.5 - Disconnect) Hidden
DocToPDFConverter (HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\DocToPDFConverter) (Version: 01.00.00.00 - VolatoTech)
DocToPDFConverter (HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\DocToPDFConverter) (Version: 01.00.00.00 - VolatoTech)
DR-C125 CaptureOnTouch (HKLM-x32\...\{C67FF523-F257-4A3F-AE4D-08671E727A0E}) (Version: 2.1.111.613 - Canon Electronics Inc.)
DR-C125 UserManual (HKLM-x32\...\{E3171A4D-FC3B-48CE-87A8-8C1BE9953E5F}) (Version: 1.04.0000 - Canon Electronics Inc.)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Embedded Security for HP ProtectTools (HKLM\...\{43BE25B8-E69F-42CF-9414-7DDCF891629B}) (Version: 7.0.000.2882 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Freemake Video Converter version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C65D5947-5FAF-499E-859F-75C3852D84B0}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{4CC65EFD-0604-4978-B336-C43283645D58}) (Version: 2.0.1514 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (x32 Version: 2.0.1514 - KYOCERA Document Solutions Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Nail & Cosmetic Studio 3 (HKLM-x32\...\My Nail & Cosmetic Studio 3) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
OpenVPN 2.3.4-I603 (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I603 - )
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.49 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Perfect Effects 8 (HKLM-x32\...\Perfect Effects 8 PE) (Version: 8.5.1 - onOne Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayLater (HKLM-x32\...\{55B5C370-E2FD-40E0-9646-FA58D9E90DB8}) (Version: 1.6.2 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{99C4F0B1-E1A0-4B72-8E2B-184A8505BC2F}) (Version: 3.10.2 - MediaMall Technologies, Inc.)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAM Defrag (HKLM-x32\...\RAM Defrag) (Version: 2.84 - Catbytes Software)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Shotty - Kleines aber eindrucksvolles Screenshot Tool (HKLM\...\2e730c18-03e8-4d1d-8fc2-0ee3ea04a765) (Version: 2.0.2.216 - Thomas Baumann)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmarTerm (HKLM-x32\...\{415666CF-8A1B-4836-AB41-0FF01D16545E}) (Version: 13.0.0 - Esker)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Transalp 2003 (HKLM-x32\...\Transalp 2003) (Version: - )
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.3 - uvnc bvba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.2.0.9 - AVTECH Corporation, Inc.)
VideoPlayer 1.2.0.8 (HKLM-x32\...\{7BD6DBC6-5883-47EA-95F6-96B888E11189}_is1) (Version: 1.2.0.8 - AVTECH) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
==================== Restore Points =========================
07-07-2015 08:39:29 Windows Update
10-07-2015 08:47:13 Windows Update
14-07-2015 08:43:57 Windows Update
16-07-2015 19:19:14 Windows Update
20-07-2015 08:48:40 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {014203D3-07BD-4F16-938C-2F542606F01A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0279B360-6BF9-49C2-89FF-E6E44EE8B665} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-21] (Adobe Systems Incorporated)
Task: {03EAC963-9296-4836-AC23-A940F8784A21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {05348D56-E47D-498A-BB7D-7D643A66B289} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {073B80BE-CC11-4F3A-B9F7-001A59809A2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {308C497D-46C4-4E82-BB6A-89E31D4B9DF3} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()
Task: {35CC516F-DAFD-4E0E-A519-8A3BC1C66B36} - System32\Tasks\HPCeeScheduleForChristian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3E932D29-F8DD-49BA-8837-2A70A7855A3F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {477B398B-827F-4621-A6CB-ECC8422FB5EE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {6A75806B-B0D0-408D-91D7-F83BFDEA2E56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {74EBEBA1-0AA0-4ED9-899D-C24B59E5A8AE} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-16] (Word Surfer)
Task: {7E0DCE54-CFAC-4AEE-96EC-722D4D93115F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {86E0F615-3226-454C-AF03-52890DA7EB22} - System32\Tasks\Winsta Update => C:\Program Files (x86)\Winsta\bin\Winsta.exe [2014-11-25] ()
Task: {8CC66BB9-B7A2-4D5A-929E-BC797C8EAEF3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9589EA2B-DBFC-4070-9505-53537340DB48} - System32\Tasks\Disconnect Desktop Updater => C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [2015-02-27] (Disconnect)
Task: {98250822-BA88-4566-9196-8F3327E0E390} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-16] (Word Surfer)
Task: {BA537817-3601-46D5-81F7-EACDE6EDE9BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D1BBE7D5-94A6-4A7A-8144-DD0355E8290E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D58491FF-2BEC-4B1D-AB76-57ED867D6B4D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DA90C081-1974-4D78-8306-AA94BC90A1C1} - System32\Tasks\WinKit => C:\Users\Christian\AppData\Roaming\PDFConvert\SWUpdate.exe [2014-11-25] ()
Task: {F800C3D6-B6F4-40F4-A9B8-48D48DA70543} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core.job => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA.job => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForChristian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2012-01-17 17:57 - 2012-01-17 17:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 13:11 - 2013-03-27 13:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 12:26 - 2013-03-27 12:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-12-28 10:32 - 2012-08-31 16:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2013-12-28 10:33 - 2012-08-31 16:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-10-23 21:19 - 2014-10-23 21:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-07-21 12:32 - 2015-07-21 12:32 - 00199168 _____ () C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-21 15:52 - 2015-07-21 15:52 - 00334848 _____ () C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp
2013-11-21 17:01 - 2013-11-22 10:38 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2015-07-21 09:00 - 2015-07-21 09:00 - 00043008 _____ () c:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphsms3o.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-10-21 11:17 - 2014-10-21 11:17 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e48edf3c1ace502f88d4a7a2227e0f1\IsdiInterop.ni.dll
2013-04-14 01:05 - 2013-11-22 12:39 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-03 04:34 - 2013-11-22 12:28 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-19 08:00 - 2014-03-19 08:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2003-10-16 09:47 - 2003-10-16 09:47 - 00159744 _____ () C:\Program Files (x86)\Esker\SmarTerm\SSLEAY32.dll
2003-10-16 09:47 - 2003-10-16 09:47 - 00811008 _____ () C:\Program Files (x86)\Esker\SmarTerm\LIBEAY32.dll
2015-07-21 09:02 - 2015-07-21 09:02 - 17448624 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-263877971-3702004810-1081422831-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAfee Endpoint Encryption Agent => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MCtlSvc.lnk => C:\windows\pss\MCtlSvc.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Christian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CANON DR-C125 SVC => rundll32.exe DRDcSvc.dll,EntryPointUserMessage
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Power2GoExpress8 => "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SoundTouch Music Server => "C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F6C40517-7243-40F8-B241-A4AA7290767B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A57A6794-5328-427E-BE62-C34F75CE093A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3AC0E345-5909-4027-8270-F088FB8F37A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D079551-B394-49C3-813C-8D71A148BDEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{562FB82B-ACC7-450D-A17F-25813988E534}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B70CF372-4268-42B1-9B36-44F311BAF5B3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{52F905AA-793B-414D-8240-092AA43C59EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B41F732-579F-4F6F-B4A3-FF29A93BFCA5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{C8239F38-E7C1-4F7D-BF78-6D1EA8B86AEB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{DB89966E-460F-49AC-BC2E-2A14116644D4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{AA75CC0A-7EB3-4018-97BC-B002E840150B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{5D73A52A-DDBA-40D3-A404-10D8AD341B5E}] => (Allow) LPort=5900
FirewallRules: [{125CB48B-D882-4E51-983D-8F1CE70AF8CD}] => (Allow) LPort=5900
FirewallRules: [{B6854338-33B6-4098-AB54-D1FCBD461148}] => (Allow) LPort=5800
FirewallRules: [{2356B8E7-12E0-4942-88D1-B84499ECFB45}] => (Allow) LPort=5800
FirewallRules: [{E9C9E34A-3AEC-4D9F-9D63-5650D4F81306}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{353D3B0A-2033-462E-9C53-3293FF1ED6B2}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{244DEE94-F37A-4100-93EF-61454048113F}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{A175DB88-5979-46AE-A19D-DA89118277DE}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{BC137049-4002-4036-9FFB-06D674100787}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{8F8CEDBC-EF54-4E12-9D2D-4F84BC08F55B}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{B91F2B60-AA59-4C4C-AF63-01FE3D858D57}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{4776F2FA-D9B2-4F6E-9596-813B0A12AE0E}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{0F65167A-3264-4E7E-94FC-8AC34F0BB8AA}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0AED2436-86CF-406D-8859-5850247100F3}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{07186558-4057-4523-B699-AC01E1BC4908}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{3D9F9B9D-4004-4481-B7CB-6276F42F59E7}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{ED6C9A25-B615-4E23-BF6C-7656C8D33EED}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{CCEFF189-2096-40DE-A1FF-97431B0AF0BD}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{7D124143-C31A-429B-ADB9-C204DF3E11BA}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{74F8ECF5-43BC-497C-820D-3E124C2DC43A}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [TCP Query User{C0487DBF-980F-4EAC-B85A-CEA67C3BE7DE}C:\program files (x86)\mediamall\playlater.exe] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [TCP Query User{25B2EFFF-A63F-400D-9C65-4E78F4462EEF}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{F49511CF-9023-4C34-9BC1-364EE39FAAF9}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [TCP Query User{A6968EE7-A74B-4456-B683-013741C64542}C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe
FirewallRules: [UDP Query User{143F8FD8-E70F-4D95-B18A-4239482979E4}C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe
FirewallRules: [TCP Query User{25B5E4D9-FEE4-4BB9-A701-1DC741FC8D77}C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe
FirewallRules: [UDP Query User{040092D8-F4D7-412E-BC68-DAC546F10F08}C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe
FirewallRules: [TCP Query User{EDF8D164-35E1-4E01-AB6F-0AE7B56D7E9E}C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe
FirewallRules: [UDP Query User{CCA71D85-B42D-4409-8330-21941D1E89A5}C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe
FirewallRules: [TCP Query User{569756BB-7C12-4559-8E59-6FDD014631F9}C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe
FirewallRules: [UDP Query User{168BF7A6-82B6-4A52-898D-D61A666DC202}C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe
FirewallRules: [TCP Query User{CB5B25DE-CBEF-48D2-A8C3-32643445F6F1}C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe
FirewallRules: [UDP Query User{A56F68DE-7DD6-4681-AD00-207850B6236B}C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe
FirewallRules: [TCP Query User{61CF7D3E-A23B-4604-B257-99853705A7AE}C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe
FirewallRules: [UDP Query User{3D9F5310-3E08-44B9-9206-49ECEC4FE4ED}C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe
FirewallRules: [TCP Query User{6382745A-A282-48BC-9509-53EE2AD1B1AB}C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe
FirewallRules: [UDP Query User{00313725-0B63-4F48-83CD-F174A23AD2EA}C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe
FirewallRules: [TCP Query User{4E44E62B-2581-4090-BC4E-506DE02BD063}C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe
FirewallRules: [UDP Query User{9E3A5D5C-EBBD-4F04-9D77-CC5283F7F6E4}C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe
FirewallRules: [TCP Query User{653513EF-DDC2-4FF5-9456-E4D01AD42ED2}C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe
FirewallRules: [UDP Query User{7B6728AD-9AE1-4049-828D-C5F4BE3FBFF4}C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe
FirewallRules: [TCP Query User{3BA733C4-649F-4AE6-9D86-32CA5CC7E9B3}C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe
FirewallRules: [UDP Query User{EC5D946F-6042-41E6-A058-FC34774EFEBB}C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe
FirewallRules: [{11BF4707-EE95-480F-925A-8BA9F63D7D31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D765DD9A-D04F-4379-A5A8-ABE174CD88ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{59113540-C6D1-4622-B816-0F2079FE7768}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{8179942A-50DC-4EBF-9B32-099D4B5C83B9}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{F83CFD34-6946-4B6C-BF40-C363E3489CF8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C4C260CB-F7F8-413D-83E3-1B64D545406F}] => (Allow) LPort=2869
FirewallRules: [{F49D2E43-DEEE-4296-BDA3-2BEAEC54E74A}] => (Allow) LPort=1900
FirewallRules: [{0663A960-5C53-49FB-A7E9-F0E3E3AB3A49}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{2576B8DA-7728-43A1-875E-75A2CE2D5FE9}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [TCP Query User{AFF0D7A6-8E45-4DC7-AC55-49DD97C29FEB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7C131E4A-853E-44EE-966C-BDEF32B6396C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8DD20E0D-4C6A-4B39-9699-6F2296BF8A54}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{640C0688-3EB1-4F30-8AEF-E4D4E9D90D16}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A2C5E6BA-1A22-4019-BFCE-FC6F2DDA32AD}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe
FirewallRules: [UDP Query User{DED76B8E-7F2A-442C-84D9-920959D67301}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe
FirewallRules: [{7FCC9565-1167-4834-9940-0BEC7924CF86}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-03-18 18:01:24.998
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:01:24.967
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:01:19.033
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:01:19.001
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:01:04.958
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:01:04.911
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:00:59.701
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:00:59.654
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:00:51.410
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-03-18 18:00:51.363
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 69%
Total physical RAM: 3975.55 MB
Available physical RAM: 1225.95 MB
Total Virtual: 7949.29 MB
Available Virtual: 3921.27 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:443.77 GB) (Free:249.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (BASTI) (Removable) (Total:1.95 GB) (Free:1.4 GB) FAT
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.7 GB) (Free:3.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive h: (Elements) (Fixed) (Total:931.48 GB) (Free:928.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50318F85)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 0005A83E)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 84E04926)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of log ============================
|
|
22.07.2015, 08:05
| #7 |
| /// the machine /// TB-Ausbilder | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.07.2015, 21:05
| #8 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Habe die Programme mit Revo deinstalliert. Bei AnyProtect kam allerdings die Fehlermeldung: "Unsinstall ist fehlgeschlagen! Vermutlich ungültiger deinstall Befehl" Das hab ich mit OK bestätigt. Danach lief der deinstall prozess weiter. Allerdings ist AnyProtect immer noch installiert. Folgende Programme sind auch neu und nicht wissentlich von mir installiert: SpaceSound Pro Super Optimizer DocToPDFConverter Combifix hab ich auch laufen lassen. Code:
ATTFilter ComboFix 15-07-20.01 - Christian 22.07.2015 19:20:11.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3976.1479 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Christian\AppData\Local\assembly\tmp
c:\users\Christian\AppData\Local\nsh77B.tmp
c:\users\Christian\AppData\Local\nss1E17.tmp
c:\users\Christian\AppData\Roaming\AnyProtectEx
c:\users\Christian\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\Christian\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\Christian\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\windows\SysWow64\nsbF703.tmp
c:\windows\SysWow64\nsmF82D.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-06-22 bis 2015-07-22 ))))))))))))))))))))))))))))))
.
.
2015-07-22 17:36 . 2015-07-22 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-22 17:05 . 2015-07-22 17:05 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-07-21 17:07 . 2015-07-21 17:07 -------- d-----w- c:\users\Christian\AppData\Roaming\Super Optimizer
2015-07-21 17:01 . 2015-07-21 17:01 -------- d-----w- c:\program files (x86)\Super Optimizer
2015-07-21 17:00 . 2015-07-21 17:00 -------- d-----w- c:\programdata\{29664609-479b-07cb-2966-646094791825}
2015-07-21 16:53 . 2015-07-21 16:53 -------- d-----w- c:\program files (x86)\FriendlyError
2015-07-21 16:52 . 2015-07-21 16:53 -------- d-----w- c:\program files\SpaceSoundPro
2015-07-21 16:52 . 2015-07-21 16:52 -------- d-----w- c:\program files (x86)\SpaceSondPro
2015-07-21 13:28 . 2015-07-21 13:28 -------- d-----w- c:\program files\iTunes
2015-07-21 13:28 . 2015-07-21 13:28 -------- d-----w- c:\program files (x86)\iTunes
2015-07-21 13:28 . 2015-07-21 13:28 -------- d-----w- c:\program files\iPod
2015-07-21 12:04 . 2015-07-21 12:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-21 12:04 . 2015-07-21 12:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-21 12:04 . 2015-07-21 12:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-21 12:04 . 2015-07-21 12:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-21 12:04 . 2015-07-21 12:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-21 12:04 . 2015-07-21 12:04 -------- d-----w- c:\program files (x86)\QuickTime
2015-07-21 11:07 . 2015-07-21 11:07 -------- d-----w- c:\users\Christian\SupTab
2015-07-21 11:07 . 2015-07-21 17:19 -------- d-----w- c:\program files (x86)\AnyProtectEx
2015-07-21 11:05 . 2015-07-21 11:05 -------- d-----w- c:\program files (x86)\Winsta
2015-07-21 11:05 . 2015-07-21 11:05 -------- d-----w- c:\users\Christian\AppData\Roaming\PDFConvert
2015-07-21 11:05 . 2015-07-21 11:05 -------- d-----w- c:\users\Christian\AppData\Roaming\DocToPDFConverter
2015-07-21 11:05 . 2015-07-21 11:05 -------- d-----w- c:\program files (x86)\Convertor
2015-07-21 11:05 . 2015-07-21 11:05 -------- d-----w- c:\programdata\IHProtectUpDate
2015-07-21 11:05 . 2015-07-21 11:05 -------- d-----w- c:\program files (x86)\MiuiTab
2015-07-21 11:05 . 2015-07-21 11:05 -------- d-----w- c:\programdata\WindowsMangerProtect
2015-07-21 11:05 . 2015-07-21 11:05 0 ----a-w- c:\windows\prleth.sys
2015-07-21 11:05 . 2015-07-21 11:05 0 ----a-w- c:\windows\hgfs.sys
2015-07-21 11:04 . 2015-07-21 11:04 -------- d-----w- c:\program files (x86)\WordSurfer_1.10.0.19
2015-07-21 10:33 . 2015-07-21 10:33 -------- d-----w- c:\users\Christian\AppData\Local\Opera Software
2015-07-21 10:33 . 2015-07-21 10:33 -------- d-----w- c:\users\Christian\AppData\Roaming\Opera Software
2015-07-21 10:32 . 2015-07-21 10:35 -------- d-----w- c:\program files (x86)\Opera
2015-07-21 10:32 . 2015-07-21 14:32 -------- d-----w- c:\program files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B
2015-07-21 10:30 . 2004-07-02 15:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll
2015-07-21 10:30 . 2015-07-21 10:35 -------- d-----w- c:\program files (x86)\eRightSoft
2015-07-21 07:13 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 07:13 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 07:13 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 07:13 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 07:13 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 07:13 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 07:13 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 07:13 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-21 07:13 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 07:13 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-21 07:08 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6472BE8F-21C7-4659-9049-290EEC7FFEBE}\mpengine.dll
2015-07-16 06:52 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-16 06:52 . 2015-06-15 21:45 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-16 06:52 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-16 06:52 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-16 06:52 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-16 06:52 . 2015-06-15 21:45 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-16 06:52 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-16 06:52 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-16 06:52 . 2015-06-15 21:43 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-16 06:52 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-16 06:52 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-16 06:52 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-14 19:59 . 2015-07-14 19:59 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-07-01 08:56 . 2015-07-01 08:56 -------- d-----w- c:\program files (x86)\RAM Defrag
2015-07-01 08:56 . 2006-06-04 16:33 81920 ----a-w- c:\windows\SysWow64\GkSui20.EXE
2015-06-29 13:43 . 2015-06-29 13:43 229608 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-21 14:48 . 2014-09-16 07:42 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-21 07:02 . 2013-04-13 23:38 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-21 07:02 . 2013-04-13 23:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-14 09:44 . 2013-12-04 08:07 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-03 06:43 . 2013-11-18 13:40 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 06:41 . 2014-09-16 07:42 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-09-16 07:42 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-09-16 07:42 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-16 22:23 . 2015-06-16 22:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-06-16 22:23 . 2015-06-16 22:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-06-15 22:28 . 2015-06-15 22:28 61312 ----a-w- c:\windows\system32\drivers\wsafd_1_10_0_19.sys
2015-05-20 12:38 . 2015-05-20 12:38 17408 ----a-w- C:\psapi.dll
2015-05-09 03:27 . 2015-06-10 06:54 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-09 03:27 . 2015-06-10 06:54 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-09 03:27 . 2015-06-10 06:54 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-09 03:27 . 2015-06-10 06:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-09 03:26 . 2015-06-10 06:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-09 03:26 . 2015-06-10 06:54 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-09 03:26 . 2015-06-10 06:54 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-09 03:25 . 2015-06-10 06:54 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-09 03:20 . 2015-06-10 06:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-09 03:13 . 2015-06-10 06:54 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-09 03:13 . 2015-06-10 06:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-09 03:13 . 2015-06-10 06:54 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-09 03:12 . 2015-06-10 06:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-09 03:12 . 2015-06-10 06:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-09 03:08 . 2015-06-10 06:54 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-05-09 02:01 . 2015-06-10 06:54 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2015-05-09 02:01 . 2015-06-10 06:54 2048 ----a-w- c:\windows\SysWow64\user.exe
2015-05-09 01:59 . 2015-06-10 06:54 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 06:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 06:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 06:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-01 13:17 . 2015-05-13 15:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 15:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:22 . 2015-06-10 06:54 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-04-29 18:21 . 2015-06-10 06:54 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-04-29 18:21 . 2015-06-10 06:54 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-04-29 18:21 . 2015-06-10 06:54 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-04-29 18:19 . 2015-06-10 06:54 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-04-29 18:07 . 2015-06-10 06:54 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-04-29 18:07 . 2015-06-10 06:54 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-04-29 18:07 . 2015-06-10 06:54 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-04-29 18:05 . 2015-06-10 06:54 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2015-04-24 18:17 . 2015-06-10 06:54 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-04-24 17:56 . 2015-06-10 06:54 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}]
2015-07-16 03:23 544952 ----a-w- c:\program files (x86)\MiuiTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shotty"="c:\program files\Shotty\Shotty.exe" [2013-11-24 724480]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-30 6501656]
"Dropbox Update"="c:\users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-18 134512]
"Super Optimizer"="c:\program files (x86)\Super Optimizer\SupOptLauncher.exe" [2015-07-10 676400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-11-22 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-09-09 292088]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-22 12310616]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-01-26 1127800]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-22 348664]
"DR-C125 CaptureOnTouch"="c:\program files (x86)\Canon Electronics\DRC125\TouchDR.exe" [2011-06-03 892928]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2014-04-09 185144]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2014-02-10 336672]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-07-14 5579624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-06-16 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SpaceSondPro_v53.1102"="c:\program files (x86)\SpaceSondPro_v53.1102\SpaceSondPro_Service.exe" [2015-07-20 33288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-07 688984]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43871968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2014-3-6 1396440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-11-19 17:12 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 cae99edb;SuperOptimizer Stats;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gytehucu;Multiply Operating System;c:\program files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp;c:\program files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
R2 zejytose;Typewriter High Resolution;c:\program files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp;c:\program files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 Disconnect Desktop Updater;Disconnect Desktop Updater;c:\program files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe;c:\program files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys;c:\windows\SYSNATIVE\drivers\psd.sys [x]
S1 wsafd_1_10_0_19;wsafd_1_10_0_19;c:\windows\system32\drivers\wsafd_1_10_0_19.sys;c:\windows\SYSNATIVE\drivers\wsafd_1_10_0_19.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 IHProtect Service;IHProtect Service;c:\program files (x86)\MiuiTab\ProtectService.exe;c:\program files (x86)\MiuiTab\ProtectService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe;c:\program files (x86)\MediaMall\MediaMallServer.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 wsasvc_1.10.0.19;Word Surfer 1.10.0.19 Client Service;c:\program files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe;c:\program files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink Webcam Sharing Manager;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMPROTECTOR
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 07:02]
.
2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core.job
- c:\users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 13:43]
.
2015-07-22 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA.job
- c:\users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 13:43]
.
2015-07-20 c:\windows\Tasks\HPCeeScheduleForChristian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2015-07-22 c:\windows\Tasks\Superclean.job
- c:\programdata\{29664609-479b-07cb-2966-646094791825}\hqghumeaylnlf.exe [2014-07-21 17:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-07-22 8641536]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-11-22 1425408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 170280]
"SpaceSoundPro"="c:\program files\SpaceSoundPro\SpaceSoundPro.exe" [2015-07-07 15055360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314
mStart Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}
uSearchAssistant = www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: PlayOn - file://c:\program files (x86)\MediaMall\toolbar\MenuLoad.htm
TCP: Interfaces\{1272DC04-81FF-4FFF-BB08-2B9CE0C022C8}: NameServer = 52.17.204.69,8.8.8.8
TCP: Interfaces\{20C5A63C-BF94-49FA-8CEF-BC4163F6F7A8}: NameServer = 52.17.204.69,8.8.8.8
TCP: Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: NameServer = 52.17.204.69,8.8.8.8
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 52.17.204.69,8.8.8.8
TCP: Interfaces\{A6E50E83-F1D5-4553-8EB9-1FC45879DB89}: NameServer = 52.17.204.69,8.8.8.8
TCP: Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: NameServer = 52.17.204.69,8.8.8.8
TCP: Interfaces\{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}: NameServer = 52.17.204.69,8.8.8.8
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
FF - user.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314
FF - user.js: browser.startup.page - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-RAM_DEFRAG - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Perfect Effects 8 PE - c:\windows\sysnative\wscript.exe
AddRemove-RAM Defrag - c:\windows\system32\GKSUI20.EXE
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gytehucu]
"ImagePath"="c:\program files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\zejytose]
"ImagePath"="c:\program files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-22 19:56:22
ComboFix-quarantined-files.txt 2015-07-22 17:56
.
Vor Suchlauf: 19 Verzeichnis(se), 266.718.650.368 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 266.205.196.288 Bytes frei
.
- - End Of File - - B01993EF7F48CE7C4C3BE50A0D117528
|
|
23.07.2015, 07:39
| #9 |
| /// the machine /// TB-Ausbilder | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Die kannste dann auch mit Revo deinstallieren. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.07.2015, 15:00
| #10 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Hi, hier die Logs. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 23.07.2015 Suchlaufzeit: 09:13 Protokolldatei: amwb.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.07.22.07 Rootkit-Datenbank: v2015.07.22.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Christian Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 433083 Abgelaufene Zeit: 26 Min., 12 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 6 PUP.Optional.WProtectManager.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1868, Löschen bei Neustart, [6768e301bad091a50209a6c70ff6768a] PUP.Optional.XTab.A, C:\Program Files (x86)\MiuiTab\ProtectService.exe, 2568, Löschen bei Neustart, [656ab72d4545b581e275cf8d16ebfa06] PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp, 2860, Löschen bei Neustart, [2ba43ba96b1f70c693167a23659f7888] PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp, 3812, Löschen bei Neustart, [2ba43ba96b1f70c693167a23659f7888] PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\CmdShell.exe, 4576, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f] PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\HPNotify.exe, 5312, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f] Module: 9 PUP.Optional.Browserwatch, C:\Program Files (x86)\MiuiTab\BrowerWatchFF.dll, Löschen bei Neustart, [5e7129bb3555a6901aa4f22ebf46f30d], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\BrowserAction.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\IeWatchDog.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], Registrierungsschlüssel: 68 PUP.Optional.WProtectManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [6768e301bad091a50209a6c70ff6768a], PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [656ab72d4545b581e275cf8d16ebfa06], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SupTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gytehucu, In Quarantäne, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zejytose, In Quarantäne, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [864940a45337ee4897a0be8a29daa45c], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [02cd895bcdbdb680141ab1dc36ceed13], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [379805df6129ee48b963aaed61a32ed2], PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, In Quarantäne, [4788eafaed9dd165cb3973974fb4867a], PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [9f304d97a0ea0531c551de2d0ef546ba], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [c00ff8ec9cee5adcdfc3ca5135cea55b], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [6c63ab39fc8e65d1081af45efb08c838], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [a12edf053654fa3c548f48e7b54e47b9], PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\WOW6432NODE\SpaceSondPro, In Quarantäne, [1ab5766edfabee48abdb2e6f24e0c739], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [d7f8de06a1e91f17a0d3196719eb738d], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [19b65e8654361d19cc92090f46bd39c7], PUP.Optional.Zoom.A, HKLM\SOFTWARE\WOW6432NODE\ZoomWebLists, In Quarantäne, [bc139054ddada393f30e0308a85b41bf], PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [5a7531b37d0d79bd13fde4b5ce3645bb], PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, In Quarantäne, [d5fa796bb7d32115be53d6c332d222de], PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [9e31bb294743211556612ae1c043b050], PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients, In Quarantäne, [f2dda0443d4de4529ea0e6afbb4923dd], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [d3fc8c5893f7e155a88f51f7a360a957], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ca051aca56343ff765c935587e86c838], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [9a352aba4644a88e6322a86df2111ae6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [438cca1ac6c4b3837f05df36d62dac54], PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, In Quarantäne, [cf00766e63273303b7f80e7fa65ed030], PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [2ea1d410bcced462e52366bd6f94ab55], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [f4db687cf3976fc77013f2239073b24e], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [e0efc61eeaa03303d2a00c891ee65fa1], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [ac234c98addd59ddff1d47507094e51b], PUP.Optional.MiuiTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [4e81a1439deda88e94cfe7b78f75b947], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [bf109a4a47433204eb8fc16d0cf7649c], PUP.Optional.WordSurfer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsafd_1_10_0_19, In Quarantäne, [6e61885c246686b0acc9faa35ca837c9], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [8a45469e5f2b1f175ef159cc05fec13f], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [99362eb6d0ba41f5ee2129701ee63ac6], PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\AskPartnerNetwork, In Quarantäne, [c708d70d95f522147291cc3e52b1c63a], PUP.Optional.HomeTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\HomeTab, In Quarantäne, [9f30bc28b4d674c278f536074fb4fe02], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\SearchProtectWS, In Quarantäne, [9639e3011b6f3df97d0a47ce52b158a8], PUP.Optional.TNT.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\TNT2, In Quarantäne, [e3ec4a9a0f7b5dd97bb66bac52b1c13f], PUP.Optional.Wajam.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\WajIEnhance, In Quarantäne, [86494e96c6c49c9ae3514cd12cd76f91], PUP.Optional.Wajam.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\WajIntEnhance, In Quarantäne, [cf0010d40d7dbb7bb4ab7f9928dbd927], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [ad225094464495a114fba5f4c1435da3], PUP.Optional.CrossRider.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [933cfaea7614350116385f1a14f0ef11], PUP.Optional.CrossRider.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [77586c7895f5fd3970f1aa81eb1848b8], PUP.Optional.CrossRider.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\System NotifierV12.03, In Quarantäne, [a32c4b99563406308db9b96802017f81], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [f9d61aca107afb3b4edfd1bc54b08878], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [1eb13da74a4078bea4891f6edc28f808], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [6c63e5ffc7c30531e34a96f7d331ab55], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [06c994507218d066a786078624e05da3], PUP.Optional.Iminent.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [d6f97f65deac04322ffc57bb29da6b95], PUP.Optional.Iminent.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [507f8064f2987eb84ede3fd34eb5ae52], PUP.Optional.Linkey.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [953ad2127416092d939adb37828122de], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [636cdf05ee9c66d092d95041f80cd62a], PUP.Optional.Vosteran.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [99360adaff8b4ceae945d43e44bf649c], PUP.Optional.Wajam.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [c20d35af11792f079a954fc3649f748c], PUP.Optional.HomeTab.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\SIMPLYTECH\HomeTab, In Quarantäne, [3a959d479ceea5918af2e66861a2a060], PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\SUPER OPTIMIZER, In Quarantäne, [834ccf15dfab54e26c39b0e7da2aff01], PUP.Optional.AnyProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AnyProtect, In Quarantäne, [fbd49a4afd8de551f05018ee20e347b9], Registrierungswerte: 22 PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [02cd895bcdbdb680141ab1dc36ceed13] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, In Quarantäne, [cd02f9ebb7d341f546e89bf22fd5f709] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [379805df6129ee48b963aaed61a32ed2] PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, In Quarantäne, [15ba3ba94545c5718abb8c8103006898] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [ca051aca56343ff765c935587e86c838] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, In Quarantäne, [d7f8a4408703e74f9e90d2bba06444bc] PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|SpaceSondPro_v53.1102, C:\Program Files (x86)\SpaceSondPro_v53.1102\SpaceSondPro_Service.exe ro, In Quarantäne, [0bc4885c206a4ee8087d9efff41032ce] PUP.Optional.DeskCut.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|deskCutv2@gmail.com, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com, In Quarantäne, [656ab03418727cba52a0de29a06345bb] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [ac234c98addd59ddff1d47507094e51b] PUP.Optional.MiuiTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\MiuiTab, In Quarantäne, [4e81a1439deda88e94cfe7b78f75b947] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, face, In Quarantäne, [bf109a4a47433204eb8fc16d0cf7649c] PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gytehucu|ImagePath, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp, In Quarantäne, [2fa0519394f6280e8daa018c08fc59a7] PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zejytose|ImagePath, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp, In Quarantäne, [448b1dc7b5d5132390a8c1ccaf5523dd] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms}, In Quarantäne, [f9d61aca107afb3b4edfd1bc54b08878] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms}, In Quarantäne, [1eb13da74a4078bea4891f6edc28f808] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.istartsurf.com//favicon.ico, In Quarantäne, [923d43a13c4e092dd9542c611ce87f81] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [6c63e5ffc7c30531e34a96f7d331ab55] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, In Quarantäne, [e2ed36ae0f7b26105ad3b0dddc28bb45] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, In Quarantäne, [14bbb430cbbf3df99c91206d5ca84cb4] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&ts=1437476715&type=default&q={searchTerms}, In Quarantäne, [06c994507218d066a786078624e05da3] PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\CHRIST~1\AppData\Local\Temp\nsiEB1.tmp\SuperOptimizer.exe, In Quarantäne, [834ccf15dfab54e26c39b0e7da2aff01] PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, hxxp://supc37.superpctools.revenuewire.net/spu/register?221002045_365A101A-58B2-4393-88A5-6D61C97DDC2C, In Quarantäne, [5a75dc08f5956bcb198bcdc706fe966a] Registrierungsdaten: 11 PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),Ersetzt,[4a85e8fccbbf2e086d0f70be5ea7ee12] PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),Ersetzt,[527d6183d4b6fe389040ed3fa461a45c] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[7e5118ccfd8dac8a3283d5635da8ef11] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),Ersetzt,[19b6e20291f9ae88a5d7db53c04548b8] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),Ersetzt,[9f305e86711970c660d8002dbe47d729] PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),Ersetzt,[b31c00e4305a62d4ce0266c6f70e1fe1] PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),Ersetzt,[a82716ce781284b257797ab208fd8d73] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437476658&z=3d9836ce7d2756b5f03345eg8zac8m3z1maq6q7o4q&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),Ersetzt,[735c01e31a70dd5944f46cc126df2dd3] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[14bb4b99ddadf145edc8b58346bf34cc] PUP.Optional.HttpBreaker.A, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314),Ersetzt,[8b44cb19503ae84e5b729696d233a65a] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-263877971-3702004810-1081422831-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=dspp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314&q={searchTerms}),Ersetzt,[953a11d37b0fba7c152194999f667a86] Ordner: 81 PUP.Optional.SuperOptimizer.A, C:\ProgramData\{29664609-479b-07cb-2966-646094791825}, In Quarantäne, [c9067d673b4f1a1cff4b771dc83c38c8], PUP.Optional.Convert, C:\Users\Christian\AppData\Roaming\PDFConvert, In Quarantäne, [d8f7d11323672b0b5a5d2673798bd22e], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B, Löschen bei Neustart, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [79561aca1e6cd2645dda895fe0221fe1], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [79561aca1e6cd2645dda895fe0221fe1], PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.245194, In Quarantäne, [cd02c51fe1a9ba7cdd858564ef1326da], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [21ae865eaedc979fc17c748856ac36ca], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [21ae865eaedc979fc17c748856ac36ca], PUP.Optional.SystemNotifier.A, C:\Program Files (x86)\System NotifierV12.03, In Quarantäne, [21ae29bb6b1f67cf6c0cd828758ea759], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup, In Quarantäne, [e5ea02e2c3c7ef478ca821e12ed59868], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\installer, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\language, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\logs, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\scan_results, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\swf, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx, In Quarantäne, [fbd49a4afd8de551f05018ee20e347b9], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\image, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\en-US, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-419, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-ES, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-BE, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CA, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CH, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-FR, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-LU, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-CH, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-IT, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pl, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt-BR, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru-MO, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\tr-TR, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\vi-VI, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-CN, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-TW, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pl, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\tr, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\vi, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults\preferences, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\chrome, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\chrome\content, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\chrome\skin, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], Dateien: 185 PUP.Optional.WProtectManager.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [6768e301bad091a50209a6c70ff6768a], PUP.Optional.XTab.A, C:\Program Files (x86)\MiuiTab\ProtectService.exe, Löschen bei Neustart, [656ab72d4545b581e275cf8d16ebfa06], PUP.Optional.Browserwatch, C:\Program Files (x86)\MiuiTab\BrowerWatchFF.dll, Löschen bei Neustart, [5e7129bb3555a6901aa4f22ebf46f30d], PUP.Optional.SupTab.A, C:\Program Files (x86)\MiuiTab\SupTab.dll, In Quarantäne, [dff08a5ac2c884b2c2cb3351d52dcc34], PUP.Optional.SuperOptimizer.A, C:\ProgramData\{29664609-479b-07cb-2966-646094791825}\hqghumeaylnlf.exe, In Quarantäne, [d7f8b52f82086dc9a1dfadf83bc6d32d], PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe, In Quarantäne, [6966faea9eec76c04d102446b94cdd23], PUP.Optional.CrossRider.A, C:\Program Files (x86)\System NotifierV12.03\utils.exe, In Quarantäne, [715ef0f49feb57dfa1d93686936e25db], PUP.Optional.Browserwatch, C:\Program Files (x86)\MiuiTab\BrowerWatchCH.dll, In Quarantäne, [e5ea796b167465d116a8bc6465a014ec], PUP.Optional.WordSurfer.A, C:\Users\Christian\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [25aa94508208ab8bdea75c115baa19e7], PUP.Optional.AnyProtect, C:\Users\Christian\AppData\Local\nsyE3DE.tmp, In Quarantäne, [f9d60ada068444f2dc8bea93a45edc24], PUP.Optional.AnyProtect.A, C:\Users\Christian\Desktop\AnyProtect.lnk, In Quarantäne, [ae210adaa1e90333484747c7798ac53b], PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\searchplugins\istartsurf.xml, In Quarantäne, [4c831aca3b4faf8700d835fb24dfda26], PUP.Optional.Vitruvian.A, C:\Users\Christian\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, In Quarantäne, [3c93598b414960d65783e2a514f0c13f], PUP.Optional.SuperOptimizer.A, C:\ProgramData\{29664609-479b-07cb-2966-646094791825}\hqghumeaylnlf.dat, In Quarantäne, [c9067d673b4f1a1cff4b771dc83c38c8], PUP.Optional.SuperOptimizer.A, C:\ProgramData\{29664609-479b-07cb-2966-646094791825}\8c6db9af6a4323ea, In Quarantäne, [c9067d673b4f1a1cff4b771dc83c38c8], PUP.Optional.SuperOptimizer.A, C:\ProgramData\{29664609-479b-07cb-2966-646094791825}\bbcd6f56933328ba, In Quarantäne, [c9067d673b4f1a1cff4b771dc83c38c8], PUP.Optional.SuperOptimizer.A, C:\ProgramData\{29664609-479b-07cb-2966-646094791825}\bbcd6f56933328ba.lock, In Quarantäne, [c9067d673b4f1a1cff4b771dc83c38c8], PUP.Optional.Convert, C:\Users\Christian\AppData\Roaming\PDFConvert\tosty.dat, In Quarantäne, [d8f7d11323672b0b5a5d2673798bd22e], PUP.Optional.Convert, C:\Users\Christian\AppData\Roaming\PDFConvert\SWUpdate.exe, In Quarantäne, [d8f7d11323672b0b5a5d2673798bd22e], PUP.Optional.WinKit, C:\Windows\System32\Tasks\WinKit, In Quarantäne, [9837c71dd7b305311e9a237614f0df21], PUP.Optional.Winsta, C:\Windows\System32\Tasks\Winsta Update, In Quarantäne, [e2ed4f959ded6acce4d5dbbeff05eb15], PUP.Optional.Superclean.A, C:\Windows\System32\Tasks\Superclean, In Quarantäne, [dbf4f6ee434722140b7e9ffe39cb9868], PUP.Optional.Superclean.A, C:\Windows\Tasks\Superclean.job, In Quarantäne, [c50a7a6a1872cd69b1d9c6d726dec838], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\knsnB66.tmp, In Quarantäne, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\jnsz1C78.tmp, Löschen bei Neustart, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\rnsj16E8.exe, In Quarantäne, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\Uninstall.exe, In Quarantäne, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\3F76978B-1437474737-11E3-9503-8866B900800B\vnsjF922.tmp, In Quarantäne, [2ba43ba96b1f70c693167a23659f7888], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [79561aca1e6cd2645dda895fe0221fe1], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [21ae865eaedc979fc17c748856ac36ca], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup\AnyProtect.lnk, In Quarantäne, [e5ea02e2c3c7ef478ca821e12ed59868], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup\Uninstall.lnk, In Quarantäne, [e5ea02e2c3c7ef478ca821e12ed59868], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\installer\ab.test.json, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\installer\tempfile.t, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Users\Christian\AppData\Roaming\AnyProtectEx\swf\mov01.swf, In Quarantäne, [d3fc43a1abdf7fb7053028da41c20bf5], PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\product.guid, In Quarantäne, [fbd49a4afd8de551f05018ee20e347b9], PUP.Optional.AnyProtect.A, C:\Program Files (x86)\AnyProtectEx\Uninstall.exe, In Quarantäne, [fbd49a4afd8de551f05018ee20e347b9], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\BrowserAction.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\CmdShell.exe, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\conf, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\defsearchp@gmail.com!1.0.0.1039.xpi, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\HPNotify.exe, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\IeWatchDog.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\install.data, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcp110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\msvcr110.dll, Löschen bei Neustart, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\searchProvider.xml, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\uninstall.exe, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\about.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\about_bk.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\btn.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\btn_apply.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\close.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\conf.xml, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\conf_back.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\input_bk.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\logo.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\main.xml, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\radio_1.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\radio_2.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\rigth_arrow.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\skin\settings.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\data.html, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\indexIE.html, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\indexIE8.html, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\main.css, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\ver.txt, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\google_trends.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\icon128.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\icon16.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\icon48.png, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\loading.gif, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\img\logo32.ico, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\common.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\ga.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\jquery.autocomplete.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\jquery.xdomainrequest.min.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\js.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\library.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\xagainit-ie8.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\xagainit2.0.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\js\xdomain.min.js, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\en-US\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-419\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\es-ES\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-BE\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CA\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-CH\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-FR\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\fr-LU\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-CH\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\it-IT\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pl\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\pt-BR\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\ru-MO\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\tr-TR\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\vi-VI\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-CN\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.MiuiTab.A, C:\Program Files (x86)\MiuiTab\web\_locales\zh-TW\messages.json, In Quarantäne, [9a3542a2c8c242f4ad9721e5ee15c13f], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\domain, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\expirationDate, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\hotsearch, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\hotsearch_uptime, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\name, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\path, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\set_country, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\set_z, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\TABts, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\uid, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\url, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.SupTab.A, C:\Users\Christian\SupTab\_ver, In Quarantäne, [646b9f45d8b23105ad509274a45f2dd3], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome.manifest, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\install.rdf, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\index.html, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\icon.png, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\loading.gif, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\logo.png, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\luck.png, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\simple.css, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\chrome\skin\style.css, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\addonmanager.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\aes.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\config.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\dialogs.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\last_tab.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\misc.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\properties.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\remoterequest.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\restoreprefs.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DeskCut.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\deskCutv2@gmail.com\modules\settings.js, In Quarantäne, [c50afbe985054ceab0dbda2d54af48b8], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\chrome.manifest, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\install.rdf, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.DefaultSearchProtected.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com\chrome\skin\icon.png, In Quarantäne, [d3fcf5efc6c49b9b9a1f44c3f0137a86], PUP.Optional.QuickStart.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[478811d3f09ac274c301106044c16c94] PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "istartsurf");), Ersetzt,[bc137272dfab47efdc00d69a0afb7b85] PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "istartsurf");), Ersetzt,[06c9786cfb8f74c294496f01c93c28d8] PUP.Optional.HttpBreaker.A, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hppp), Ersetzt,[b21d5f8579117bbbf7857df77b8a28d8] PUP.Optional.IStartSurf.ShrtCln, C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\prefs.js, Gut: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (browser.startup.homepage", "hxxp://www.istartsurf.com), Ersetzt,[b11ec02415755cda3f42294b48bdfc04] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x64
Ran by Christian on 23.07.2015 at 14:01:46,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [Service] mediamall server [Reboot required]
Successfully deleted: [Service] pezehomi [Reboot required]
~~~ Tasks
Successfully deleted: [Task] C:\windows\system32\tasks\Convertor
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\Users\Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Successfully disinfected: [Shortcut] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\mediamall
Successfully deleted: [Folder] C:\Program Files (x86)\convertor
Successfully deleted: [Folder] C:\Program Files (x86)\winsta
Successfully deleted: [Folder] C:\ProgramData\DIGITA~1
Successfully deleted: [Folder] C:\ProgramData\mediamall
Successfully deleted: [Folder] C:\Users\Christian\Appdata\Local\DIGITA~1
Successfully deleted: [Folder] C:\Users\Christian\AppData\Roaming\DIGITA~1
Successfully deleted: [Folder] C:\ProgramData\ffba4fe600001aaf
~~~ FireFox
Successfully deleted: [File] C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\bqu534lq.default\user.js
Successfully deleted: [File] C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\bqu534lq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted: [Folder] C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\bqu534lq.default\extensions\staged
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@playon.tv/playontoolbar
Successfully deleted the following from C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\bqu534lq.default\prefs.js
user_pref(browser.search.searchengine.alias, istartsurf);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.istartsurf.com/web/favicon.ico);
user_pref(browser.search.searchengine.name, istartsurf);
user_pref(browser.search.searchengine.ptid, face);
user_pref(browser.search.searchengine.uid, WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314);
user_pref(browser.search.searchengine.url, hxxp://www.istartsurf.com/web/?type=dspp&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\bqu534lq.default\minidumps [37 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Christian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2015 at 15:51:29,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 23/07/2015 um 15:54:14
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Christian - CW-NOTEBOOK
# Gestarted von : C:\Users\Christian\Downloads\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoViewer
Ordner Gelöscht : C:\Program Files (x86)\VideoViewer
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoViewer
Datei Gelöscht : C:\END
***** [ Geplante Tasks ] *****
Task Gelöscht : WinKit
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SDP
Schlüssel Gelöscht : HKLM\SOFTWARE\82914d35-ba3a-66f9-5f06-94ac798e1422
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\Kromtech
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\searchult
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Mozilla Firefox v39.0 (x86 de)
-\\ Google Chrome v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [7903 Bytes] - [16/09/2014 21:24:36]
AdwCleaner[R1].txt - [2803 Bytes] - [23/07/2015 15:53:12]
AdwCleaner[S0].txt - [7918 Bytes] - [16/09/2014 21:27:13]
AdwCleaner[S1].txt - [2398 Bytes] - [23/07/2015 15:54:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2457 Bytes] ##########
|
|
23.07.2015, 15:07
| #11 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC ich hatte ausversehen die Reihenfolge von ADW Cleaner und Junkware REmoval Tool vertaucht. hoffe das ist OK. hier noch FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Christian (administrator) on CW-NOTEBOOK on 23-07-2015 16:03:34
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian (Available Profiles: Christian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Esker S.A.) C:\Program Files (x86)\Esker\Common\ESLCBcst.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(hxxp://shotty.devs-on.net) C:\Program Files\Shotty\Shotty.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\wiawow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-07-22] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-11-22] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-09-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-11-22] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-09-09] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2013-11-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DR-C125 CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe [892928 2011-06-03] (Canon Electronics Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Run: [Shotty] => C:\Program Files\Shotty\Shotty.exe [724480 2013-11-24] (hxxp://shotty.devs-on.net)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-11-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll No File
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\..\Interfaces\{1272DC04-81FF-4FFF-BB08-2B9CE0C022C8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{20C5A63C-BF94-49FA-8CEF-BC4163F6F7A8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{A6E50E83-F1D5-4553-8EB9-1FC45879DB89}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{B9459966-CA3A-49A1-AF3E-0C4E12084836}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}: [NameServer] 52.18.92.32,8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default
FF Homepage: https://www.malwarebytes.org/restorebrowser/&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-22] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-22] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-07-20] (Digital Persona, Inc.)
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\searchplugins\ecosia.xml [2014-09-16]
FF Extension: Disconnect - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\2.0@disconnect.me [2015-03-04]
FF Extension: Disconnect Search - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\search@disconnect.me [2015-03-04]
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\artur.dubovoy@gmail.com [2015-05-29]
FF Extension: PlayOn - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\playonplugin@playon.tv [2014-09-08]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-11-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com
FF HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2013-11-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 Disconnect Desktop Updater; C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-02-27] (Disconnect)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.)
R2 EskerLicenseControl; C:\Program Files (x86)\Esker\Common\eslcbcst.exe [315479 2008-08-25] (Esker S.A.) [File not signed]
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-01-27] (Infineon Technologies AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-22] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-01-27] (Infineon Technologies AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-07-22] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2013-11-22] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2013-11-22] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-09-09] (Broadcom Corporation.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [14000 2008-07-08] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 16:03 - 2015-07-23 16:04 - 00028898 _____ C:\Users\Christian\Downloads\FRST.txt
2015-07-23 15:56 - 2015-07-23 15:56 - 00000000 ____D C:\windows\LastGood
2015-07-23 15:51 - 2015-07-23 15:51 - 00004441 _____ C:\Users\Christian\Desktop\JRT.txt
2015-07-23 14:03 - 2015-07-23 14:03 - 00000000 ____D C:\ProgramData\MediaMall
2015-07-23 14:00 - 2015-07-23 14:00 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Christian\Downloads\JRT.exe
2015-07-23 09:22 - 2015-07-23 09:22 - 02248704 _____ C:\Users\Christian\Downloads\AdwCleaner_4.208.exe
2015-07-23 09:08 - 2015-07-23 09:08 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-07-23 08:47 - 2015-07-23 09:21 - 00940032 _____ C:\Users\Christian\Desktop\UV Lauder.xls
2015-07-23 08:47 - 2015-07-23 09:21 - 00727552 _____ C:\Users\Christian\Desktop\UV Aramis.xlsx
2015-07-23 08:47 - 2015-07-23 09:20 - 00736256 _____ C:\Users\Christian\Desktop\UV Clinique.xlsx
2015-07-23 08:47 - 2015-07-23 09:18 - 00736256 _____ C:\Users\Christian\Desktop\Sicherungskopie von UV Clinique.xlk
2015-07-23 08:47 - 2015-07-23 09:17 - 00727552 _____ C:\Users\Christian\Desktop\Sicherungskopie von UV Aramis.xlk
2015-07-23 08:47 - 2015-07-23 09:15 - 00940032 _____ C:\Users\Christian\Desktop\Sicherungskopie von UV Lauder.xlk
2015-07-23 08:45 - 2015-07-23 08:45 - 00003276 _____ C:\windows\System32\Tasks\{DAF7E351-6B08-46E9-B353-55E4A0C5E789}
2015-07-22 19:56 - 2015-07-22 19:56 - 00049680 _____ C:\ComboFix.txt
2015-07-22 19:17 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-22 19:17 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-22 19:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-22 19:16 - 2015-07-22 19:57 - 00000000 ____D C:\Qoobox
2015-07-22 19:14 - 2015-07-22 19:50 - 00000000 ____D C:\windows\erdnt
2015-07-22 19:12 - 2015-07-22 19:12 - 05632853 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2015-07-22 19:05 - 2015-07-22 19:05 - 00001264 _____ C:\Users\Christian\Desktop\Revo Uninstaller.lnk
2015-07-22 19:05 - 2015-07-22 19:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-22 19:04 - 2015-07-22 19:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian\Downloads\revosetup95.exe
2015-07-21 18:32 - 2015-07-21 18:32 - 00152240 _____ C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-21 18:20 - 2015-07-23 15:55 - 00000336 _____ C:\windows\setupact.log
2015-07-21 18:20 - 2015-07-21 18:20 - 00000000 _____ C:\windows\setuperr.log
2015-07-21 18:19 - 2015-07-23 15:55 - 00085582 _____ C:\windows\PFRO.log
2015-07-21 18:19 - 2015-07-21 18:20 - 00570816 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-21 17:39 - 2015-07-21 17:39 - 00380416 _____ C:\Users\Christian\Downloads\lwx3kwsc.exe
2015-07-21 17:28 - 2015-07-21 17:28 - 02135552 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-07-21 17:25 - 2015-07-21 17:25 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2015-07-21 16:45 - 2015-07-21 16:45 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-21 15:28 - 2015-07-21 15:28 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files\iTunes
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files\iPod
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-21 14:04 - 2015-07-21 14:04 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-21 14:04 - 2015-07-21 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-21 14:04 - 2015-07-21 14:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 _____ C:\windows\prleth.sys
2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 _____ C:\windows\hgfs.sys
2015-07-21 12:33 - 2015-07-21 12:33 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Opera Software
2015-07-21 12:33 - 2015-07-21 12:33 - 00000000 ____D C:\Users\Christian\AppData\Local\Opera Software
2015-07-21 12:32 - 2015-07-21 12:35 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-21 12:30 - 2015-07-21 12:35 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2015-07-21 12:30 - 2015-07-21 12:30 - 00000000 ____D C:\Users\Christian\Documents\eRightSoft
2015-07-21 12:30 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\windows\SysWOW64\pncrt.dll
2015-07-21 12:30 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\drvc.dll
2015-07-21 09:42 - 2015-07-21 12:11 - 2152198208 _____ C:\Users\Christian\Desktop\Wiedemann Image Film.mov
2015-07-21 09:13 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-07-21 09:13 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-21 09:13 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-07-21 09:13 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-07-21 09:13 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-07-21 09:13 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-21 09:13 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-07-21 09:13 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-07-21 09:13 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-21 09:13 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-20 13:23 - 2015-07-20 14:52 - 00158208 _____ C:\Users\Christian\Desktop\Kopie von bestellformular_hp_x-mas_2015_excel.xls
2015-07-20 13:03 - 2015-07-20 14:52 - 00168960 _____ C:\Users\Christian\Desktop\Kopie von bestellformular_wdw_2015_excel.xls
2015-07-16 14:35 - 2015-07-16 14:36 - 00000000 ____D C:\Users\Christian\Desktop\Wirtschaftspreis
2015-07-16 10:07 - 2015-07-16 13:06 - 00125980 _____ C:\Users\Christian\Desktop\Liquidtätsplan Kopie leer.xlsx
2015-07-16 08:53 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-16 08:53 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-16 08:53 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-16 08:53 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-07-16 08:53 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-16 08:53 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-16 08:53 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-16 08:53 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-07-16 08:53 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-16 08:53 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-16 08:53 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-16 08:53 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-16 08:53 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-16 08:53 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-16 08:53 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-16 08:53 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-07-16 08:53 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-07-16 08:53 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-07-16 08:53 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-07-16 08:53 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-07-16 08:53 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-07-16 08:53 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-07-16 08:53 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-07-16 08:53 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-07-16 08:53 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-16 08:53 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-07-16 08:53 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-07-16 08:53 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-07-16 08:53 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-07-16 08:53 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-07-16 08:53 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-16 08:53 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-16 08:53 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-16 08:53 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-07-16 08:53 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-16 08:53 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-07-16 08:53 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-16 08:53 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-16 08:53 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-16 08:53 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-16 08:53 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-07-16 08:53 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-07-16 08:53 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-16 08:53 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-07-16 08:53 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-07-16 08:53 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-16 08:53 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-07-16 08:53 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-07-16 08:53 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-16 08:53 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-07-16 08:53 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-07-16 08:53 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-16 08:53 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-07-16 08:53 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-16 08:53 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-16 08:53 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-16 08:53 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-16 08:53 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-16 08:53 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-07-16 08:53 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-16 08:53 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-07-16 08:53 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-16 08:53 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-16 08:53 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-16 08:53 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-07-16 08:53 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-07-16 08:53 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-07-16 08:53 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-16 08:53 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-07-16 08:53 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-07-16 08:53 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-16 08:53 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-07-16 08:53 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-16 08:53 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-16 08:53 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-16 08:53 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-16 08:53 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-16 08:53 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-16 08:53 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-16 08:53 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-07-16 08:53 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-16 08:53 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-16 08:53 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-16 08:53 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-16 08:53 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-07-16 08:53 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-07-16 08:52 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-07-16 08:52 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-16 08:52 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-16 08:52 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-07-16 08:52 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-07-16 08:52 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-16 08:52 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-16 08:52 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-16 08:52 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-07-16 08:52 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-16 08:52 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-07-16 08:52 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-07-14 22:31 - 2015-07-14 22:32 - 00000000 ____D C:\Users\Christian\Desktop\Männertour 2015
2015-07-14 21:59 - 2015-07-14 21:59 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-07-14 21:59 - 2015-07-14 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-14 21:59 - 2015-07-14 21:59 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-12 18:22 - 2015-07-12 18:22 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-10 09:59 - 2015-07-10 09:59 - 00000000 ____D C:\Users\Christian\Desktop\Skoda
2015-07-07 10:48 - 2015-07-07 10:48 - 00013204 _____ C:\Users\Christian\Desktop\Email BF stand 07.07.15.xlsx
2015-07-07 10:47 - 2015-07-07 10:47 - 00013204 _____ C:\Users\Christian\Documents\Email BF stand 07.07.15.xlsx
2015-07-07 10:26 - 2015-07-07 10:27 - 00000000 ____D C:\Users\Christian\Desktop\Musik Basti
2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Defrag
2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAM Defrag
2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\Program Files (x86)\RAM Defrag
2015-07-01 10:56 - 2006-06-04 18:33 - 00081920 _____ C:\windows\SysWOW64\GkSui20.EXE
2015-06-29 09:25 - 2015-06-29 09:25 - 00001002 _____ C:\Users\Public\Desktop\IrfanView.lnk
2015-06-29 09:22 - 2015-06-29 09:39 - 00000000 ____D C:\Users\Christian\Desktop\Fotos Sommerfest
2015-06-25 08:51 - 2015-06-25 08:51 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 16:04 - 2009-07-14 06:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 16:04 - 2009-07-14 06:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 16:03 - 2015-04-22 11:19 - 00000000 ____D C:\FRST
2015-07-23 16:00 - 2013-11-03 04:05 - 01734277 _____ C:\windows\WindowsUpdate.log
2015-07-23 15:57 - 2013-11-27 10:09 - 00000000 ___RD C:\Users\Christian\Dropbox
2015-07-23 15:57 - 2013-11-27 09:55 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox
2015-07-23 15:57 - 2013-11-26 18:24 - 00000181 _____ C:\windows\setscan.ini
2015-07-23 15:57 - 2013-11-18 15:42 - 00000000 ____D C:\Users\Christian\AppData\Local\LogMeIn Hamachi
2015-07-23 15:55 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-23 15:54 - 2015-06-18 15:43 - 00001240 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA.job
2015-07-23 15:54 - 2014-09-16 21:24 - 00000000 ____D C:\AdwCleaner
2015-07-23 15:51 - 2014-09-16 09:42 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 15:51 - 2014-01-19 12:38 - 00001160 _____ C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-23 15:51 - 2013-11-18 15:18 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-23 15:51 - 2013-11-18 13:11 - 00001421 _____ C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-23 14:03 - 2014-09-08 15:57 - 00000000 ____D C:\Program Files (x86)\MediaMall
2015-07-23 13:54 - 2015-06-18 15:43 - 00001188 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core.job
2015-07-23 13:10 - 2009-07-14 05:20 - 00000000 ____D C:\windows\TAPI
2015-07-23 13:09 - 2013-11-18 13:07 - 00000000 ____D C:\Users\Christian
2015-07-23 08:59 - 2013-11-03 04:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-07-23 08:59 - 2013-04-14 01:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-23 08:59 - 2013-04-14 00:45 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-23 08:40 - 2013-11-18 13:11 - 00003958 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{43550C9A-71F1-4A37-9F36-CF91E81C2D37}
2015-07-22 19:57 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-22 19:36 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-21 18:20 - 2013-04-14 01:38 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-21 16:45 - 2014-09-16 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-21 16:45 - 2014-09-16 09:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-21 16:37 - 2013-04-13 22:35 - 00703214 _____ C:\windows\system32\perfh007.dat
2015-07-21 16:37 - 2013-04-13 22:35 - 00150822 _____ C:\windows\system32\perfc007.dat
2015-07-21 16:37 - 2009-07-14 07:13 - 01629436 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-21 15:28 - 2015-04-23 09:22 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 15:28 - 2013-11-22 16:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-21 09:02 - 2013-04-14 01:38 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-21 09:02 - 2013-04-14 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-21 09:02 - 2013-04-14 01:38 - 00003770 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-20 14:35 - 2013-11-24 18:21 - 00003210 _____ C:\windows\System32\Tasks\HPCeeScheduleForChristian
2015-07-20 14:35 - 2013-11-24 18:21 - 00000348 _____ C:\windows\Tasks\HPCeeScheduleForChristian.job
2015-07-20 14:13 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-07-20 13:49 - 2015-06-18 15:43 - 00004218 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA
2015-07-20 13:49 - 2015-06-18 15:43 - 00003822 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core
2015-07-20 11:02 - 2013-11-21 17:11 - 00002036 ____H C:\Users\Christian\Documents\Default.rdp
2015-07-20 08:52 - 2013-11-21 16:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 19:31 - 2013-11-20 08:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 19:27 - 2013-11-18 15:40 - 00000000 ____D C:\windows\system32\MRT
2015-07-16 15:57 - 2014-07-30 15:24 - 00010240 _____ C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-16 08:54 - 2014-12-23 16:08 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 11:44 - 2013-12-04 10:07 - 00033856 ____H (LogMeIn, Inc.) C:\windows\system32\hamachi.sys
2015-07-14 08:34 - 2013-11-20 08:36 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-07-07 12:41 - 2014-01-20 09:52 - 32435718 _____ C:\PAGE.BMP
2015-07-07 12:41 - 2014-01-20 09:52 - 04061206 _____ C:\1BPP_0.BMP
2015-07-07 08:48 - 2013-11-25 22:14 - 00000000 ____D C:\Users\Public\Documents\Sonstigtes
2015-07-06 08:50 - 2013-11-18 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 16:18 - 2014-02-14 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 15:54 - 2013-11-25 22:14 - 00000000 ____D C:\Users\Public\Documents\Steuer
2015-07-03 08:43 - 2013-11-18 15:40 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-30 16:25 - 2014-08-25 12:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2015-06-23 17:14 - 2014-08-13 20:18 - 00000000 __SHD C:\Users\Christian\AppData\Local\EmieUserList
2015-06-23 17:14 - 2014-08-13 20:18 - 00000000 __SHD C:\Users\Christian\AppData\Local\EmieSiteList
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-07-30 15:24 - 2015-07-16 15:57 - 0010240 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-09 17:42 - 2014-12-09 17:42 - 0000870 _____ () C:\Users\Christian\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_gv49p.dll
C:\Users\Christian\AppData\Local\Temp\newversion.exe
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\sqlite3.dll
C:\Users\Christian\AppData\Local\Temp\Uninstall.exe
C:\Users\Christian\AppData\Local\Temp\UninstallModule.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-23 09:55
==================== End of log ============================
[CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Christian at 2015-07-23 16:04:53
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-263877971-3702004810-1081422831-500 - Administrator - Disabled)
Christian (S-1-5-21-263877971-3702004810-1081422831-1001 - Administrator - Enabled) => C:\Users\Christian
Gast (S-1-5-21-263877971-3702004810-1081422831-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-263877971-3702004810-1081422831-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AstroConnect Software 5.5.1 (HKLM-x32\...\{684FA762-D9FD-4540-9EF8-CF1E216ABA2E}) (Version: 5.5.1 - AstroConnect)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avira Professional Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.1.9.1580 - Avira)
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation)
Canon driver for DR-C125 (x64) (HKLM\...\{C37F594E-F7D0-4A1E-8AB3-6605D7D11C4B}) (Version: 1.0.4182 - Canon Electronics inc.)
CaptureOnTouch Evernote Plugin (HKLM-x32\...\{CE27CA2B-7663-4F6B-8E61-A455390AC71F}) (Version: 1.0.10511 - Canon Electronics Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ChefplanAddIn (HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\82D681645116BE764FBC66B0ED0179BA228F91E9) (Version: 1.1.0.61 - BBE Handelsberatung GmbH)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
congstar Internet-Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Disconnect Desktop (HKLM-x32\...\Disconnect Desktop 1.0.5) (Version: 1.0.5 - Disconnect)
Disconnect Desktop (x32 Version: 1.0.5 - Disconnect) Hidden
DR-C125 CaptureOnTouch (HKLM-x32\...\{C67FF523-F257-4A3F-AE4D-08671E727A0E}) (Version: 2.1.111.613 - Canon Electronics Inc.)
DR-C125 UserManual (HKLM-x32\...\{E3171A4D-FC3B-48CE-87A8-8C1BE9953E5F}) (Version: 1.04.0000 - Canon Electronics Inc.)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Embedded Security for HP ProtectTools (HKLM\...\{43BE25B8-E69F-42CF-9414-7DDCF891629B}) (Version: 7.0.000.2882 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Freemake Video Converter version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Friendly Error (HKLM-x32\...\FriendlyError) (Version: - )
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C65D5947-5FAF-499E-859F-75C3852D84B0}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{4CC65EFD-0604-4978-B336-C43283645D58}) (Version: 2.0.1514 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (x32 Version: 2.0.1514 - KYOCERA Document Solutions Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Nail & Cosmetic Studio 3 (HKLM-x32\...\My Nail & Cosmetic Studio 3) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
OpenVPN 2.3.4-I603 (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I603 - )
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.49 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Perfect Effects 8 (HKLM-x32\...\Perfect Effects 8 PE) (Version: 8.5.1 - onOne Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayLater (HKLM-x32\...\{55B5C370-E2FD-40E0-9646-FA58D9E90DB8}) (Version: 1.6.2 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{99C4F0B1-E1A0-4B72-8E2B-184A8505BC2F}) (Version: 3.10.2 - MediaMall Technologies, Inc.)
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RAM Defrag (HKLM-x32\...\RAM Defrag) (Version: 2.84 - Catbytes Software)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Shotty - Kleines aber eindrucksvolles Screenshot Tool (HKLM\...\2e730c18-03e8-4d1d-8fc2-0ee3ea04a765) (Version: 2.0.2.216 - Thomas Baumann)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmarTerm (HKLM-x32\...\{415666CF-8A1B-4836-AB41-0FF01D16545E}) (Version: 13.0.0 - Esker)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Transalp 2003 (HKLM-x32\...\Transalp 2003) (Version: - )
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.3 - uvnc bvba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.2.0.9 - AVTECH Corporation, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-263877971-3702004810-1081422831-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
==================== Restore Points =========================
21-07-2015 18:02:31 Windows Update
22-07-2015 19:05:50 Revo Uninstaller's restore point - AnyProtect
22-07-2015 19:08:55 Revo Uninstaller's restore point - istartsurf uninstall
22-07-2015 19:10:51 Revo Uninstaller's restore point - VideoPlayer 1.2.0.8
23-07-2015 08:46:03 Revo Uninstaller's restore point - DocToPDFConverter
23-07-2015 08:49:35 Revo Uninstaller's restore point - Friendly Error
23-07-2015 08:52:47 Revo Uninstaller's restore point - SpaceSoundPro Service
23-07-2015 08:59:19 Revo Uninstaller's restore point - Theft Recovery for HP ProtectTools
23-07-2015 08:59:43 Removed Theft Recovery for HP ProtectTools
23-07-2015 09:00:28 Revo Uninstaller's restore point - Super Optimizer v3.2
23-07-2015 09:07:47 Revo Uninstaller's restore point - WordSurfer 1.10.0.19
23-07-2015 14:01:49 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-07-22 19:36 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {014203D3-07BD-4F16-938C-2F542606F01A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0279B360-6BF9-49C2-89FF-E6E44EE8B665} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-21] (Adobe Systems Incorporated)
Task: {03EAC963-9296-4836-AC23-A940F8784A21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {05348D56-E47D-498A-BB7D-7D643A66B289} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {073B80BE-CC11-4F3A-B9F7-001A59809A2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {35CC516F-DAFD-4E0E-A519-8A3BC1C66B36} - System32\Tasks\HPCeeScheduleForChristian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3E932D29-F8DD-49BA-8837-2A70A7855A3F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {477B398B-827F-4621-A6CB-ECC8422FB5EE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {6A75806B-B0D0-408D-91D7-F83BFDEA2E56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {78302E6E-115D-4285-AD91-E33B1CD7B887} - System32\Tasks\{DAF7E351-6B08-46E9-B353-55E4A0C5E789} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {7E0DCE54-CFAC-4AEE-96EC-722D4D93115F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {86E0F615-3226-454C-AF03-52890DA7EB22} - \Winsta Update No Task File <==== ATTENTION
Task: {8CC66BB9-B7A2-4D5A-929E-BC797C8EAEF3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9589EA2B-DBFC-4070-9505-53537340DB48} - System32\Tasks\Disconnect Desktop Updater => C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [2015-02-27] (Disconnect)
Task: {BA537817-3601-46D5-81F7-EACDE6EDE9BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D1BBE7D5-94A6-4A7A-8144-DD0355E8290E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D58491FF-2BEC-4B1D-AB76-57ED867D6B4D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F800C3D6-B6F4-40F4-A9B8-48D48DA70543} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core.job => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA.job => C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForChristian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2012-01-17 17:57 - 2012-01-17 17:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 13:11 - 2013-03-27 13:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 12:26 - 2013-03-27 12:26 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2013-12-28 10:32 - 2012-08-31 16:03 - 00288768 _____ () C:\windows\System32\HP1100LM.DLL
2013-12-28 10:33 - 2012-08-31 16:02 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-11-21 17:01 - 2013-11-22 10:38 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00043008 _____ () c:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_gv49p.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-10-21 11:17 - 2014-10-21 11:17 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e48edf3c1ace502f88d4a7a2227e0f1\IsdiInterop.ni.dll
2013-04-14 01:05 - 2013-11-22 12:39 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-03 04:34 - 2013-11-22 12:28 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-19 08:00 - 2014-03-19 08:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 52.18.92.32 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAfee Endpoint Encryption Agent => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MCtlSvc.lnk => C:\windows\pss\MCtlSvc.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Christian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CANON DR-C125 SVC => rundll32.exe DRDcSvc.dll,EntryPointUserMessage
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Christian\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Power2GoExpress8 => "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SoundTouch Music Server => "C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe"
MSCONFIG\startupreg: SpaceSoundPro => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F6C40517-7243-40F8-B241-A4AA7290767B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A57A6794-5328-427E-BE62-C34F75CE093A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3AC0E345-5909-4027-8270-F088FB8F37A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D079551-B394-49C3-813C-8D71A148BDEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{562FB82B-ACC7-450D-A17F-25813988E534}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B70CF372-4268-42B1-9B36-44F311BAF5B3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{52F905AA-793B-414D-8240-092AA43C59EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B41F732-579F-4F6F-B4A3-FF29A93BFCA5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{C8239F38-E7C1-4F7D-BF78-6D1EA8B86AEB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{DB89966E-460F-49AC-BC2E-2A14116644D4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{AA75CC0A-7EB3-4018-97BC-B002E840150B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{5D73A52A-DDBA-40D3-A404-10D8AD341B5E}] => (Allow) LPort=5900
FirewallRules: [{125CB48B-D882-4E51-983D-8F1CE70AF8CD}] => (Allow) LPort=5900
FirewallRules: [{B6854338-33B6-4098-AB54-D1FCBD461148}] => (Allow) LPort=5800
FirewallRules: [{2356B8E7-12E0-4942-88D1-B84499ECFB45}] => (Allow) LPort=5800
FirewallRules: [{E9C9E34A-3AEC-4D9F-9D63-5650D4F81306}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{353D3B0A-2033-462E-9C53-3293FF1ED6B2}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{244DEE94-F37A-4100-93EF-61454048113F}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{A175DB88-5979-46AE-A19D-DA89118277DE}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{BC137049-4002-4036-9FFB-06D674100787}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{8F8CEDBC-EF54-4E12-9D2D-4F84BC08F55B}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{B91F2B60-AA59-4C4C-AF63-01FE3D858D57}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{4776F2FA-D9B2-4F6E-9596-813B0A12AE0E}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{0F65167A-3264-4E7E-94FC-8AC34F0BB8AA}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0AED2436-86CF-406D-8859-5850247100F3}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{07186558-4057-4523-B699-AC01E1BC4908}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{3D9F9B9D-4004-4481-B7CB-6276F42F59E7}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{ED6C9A25-B615-4E23-BF6C-7656C8D33EED}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{CCEFF189-2096-40DE-A1FF-97431B0AF0BD}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{7D124143-C31A-429B-ADB9-C204DF3E11BA}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{74F8ECF5-43BC-497C-820D-3E124C2DC43A}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [TCP Query User{C0487DBF-980F-4EAC-B85A-CEA67C3BE7DE}C:\program files (x86)\mediamall\playlater.exe] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [TCP Query User{25B2EFFF-A63F-400D-9C65-4E78F4462EEF}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{F49511CF-9023-4C34-9BC1-364EE39FAAF9}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [TCP Query User{A6968EE7-A74B-4456-B683-013741C64542}C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe
FirewallRules: [UDP Query User{143F8FD8-E70F-4D95-B18A-4239482979E4}C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmif679.tmp\logmein client.exe
FirewallRules: [TCP Query User{25B5E4D9-FEE4-4BB9-A701-1DC741FC8D77}C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe
FirewallRules: [UDP Query User{040092D8-F4D7-412E-BC68-DAC546F10F08}C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi771a.tmp\logmein client.exe
FirewallRules: [TCP Query User{EDF8D164-35E1-4E01-AB6F-0AE7B56D7E9E}C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe
FirewallRules: [UDP Query User{CCA71D85-B42D-4409-8330-21941D1E89A5}C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmia8b2.tmp\logmein client.exe
FirewallRules: [TCP Query User{569756BB-7C12-4559-8E59-6FDD014631F9}C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe
FirewallRules: [UDP Query User{168BF7A6-82B6-4A52-898D-D61A666DC202}C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi2f1b.tmp\logmein client.exe
FirewallRules: [TCP Query User{CB5B25DE-CBEF-48D2-A8C3-32643445F6F1}C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe
FirewallRules: [UDP Query User{A56F68DE-7DD6-4681-AD00-207850B6236B}C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi10ae.tmp\logmein client.exe
FirewallRules: [TCP Query User{61CF7D3E-A23B-4604-B257-99853705A7AE}C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe
FirewallRules: [UDP Query User{3D9F5310-3E08-44B9-9206-49ECEC4FE4ED}C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi5e93.tmp\logmein client.exe
FirewallRules: [TCP Query User{6382745A-A282-48BC-9509-53EE2AD1B1AB}C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe
FirewallRules: [UDP Query User{00313725-0B63-4F48-83CD-F174A23AD2EA}C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4539.tmp\logmein client.exe
FirewallRules: [TCP Query User{4E44E62B-2581-4090-BC4E-506DE02BD063}C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe
FirewallRules: [UDP Query User{9E3A5D5C-EBBD-4F04-9D77-CC5283F7F6E4}C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi4ca9.tmp\logmein client.exe
FirewallRules: [TCP Query User{653513EF-DDC2-4FF5-9456-E4D01AD42ED2}C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe
FirewallRules: [UDP Query User{7B6728AD-9AE1-4049-828D-C5F4BE3FBFF4}C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmida8b.tmp\logmein client.exe
FirewallRules: [TCP Query User{3BA733C4-649F-4AE6-9D86-32CA5CC7E9B3}C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe
FirewallRules: [UDP Query User{EC5D946F-6042-41E6-A058-FC34774EFEBB}C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe] => (Allow) C:\users\christian\appdata\local\temp\lmi7973.tmp\logmein client.exe
FirewallRules: [{11BF4707-EE95-480F-925A-8BA9F63D7D31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D765DD9A-D04F-4379-A5A8-ABE174CD88ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{59113540-C6D1-4622-B816-0F2079FE7768}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{8179942A-50DC-4EBF-9B32-099D4B5C83B9}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{F83CFD34-6946-4B6C-BF40-C363E3489CF8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C4C260CB-F7F8-413D-83E3-1B64D545406F}] => (Allow) LPort=2869
FirewallRules: [{F49D2E43-DEEE-4296-BDA3-2BEAEC54E74A}] => (Allow) LPort=1900
FirewallRules: [{0663A960-5C53-49FB-A7E9-F0E3E3AB3A49}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{2576B8DA-7728-43A1-875E-75A2CE2D5FE9}] => (Allow) C:\Program Files (x86)\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
FirewallRules: [TCP Query User{AFF0D7A6-8E45-4DC7-AC55-49DD97C29FEB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7C131E4A-853E-44EE-966C-BDEF32B6396C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8DD20E0D-4C6A-4B39-9699-6F2296BF8A54}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{640C0688-3EB1-4F30-8AEF-E4D4E9D90D16}] => (Allow) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A2C5E6BA-1A22-4019-BFCE-FC6F2DDA32AD}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe
FirewallRules: [UDP Query User{DED76B8E-7F2A-442C-84D9-920959D67301}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe
FirewallRules: [{7FCC9565-1167-4834-9940-0BEC7924CF86}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/23/2015 03:55:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/23/2015 01:11:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/23/2015 08:37:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/21/2015 07:17:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: supoptsetup.tmp, Version: 51.1052.0.0, Zeitstempel: 0x510ffcfa
Name des fehlerhaften Moduls: supoptsetup.tmp, Version: 51.1052.0.0, Zeitstempel: 0x510ffcfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000409e
ID des fehlerhaften Prozesses: 0x1e48
Startzeit der fehlerhaften Anwendung: 0xsupoptsetup.tmp0
Pfad der fehlerhaften Anwendung: supoptsetup.tmp1
Pfad des fehlerhaften Moduls: supoptsetup.tmp2
Berichtskennung: supoptsetup.tmp3
Error: (07/21/2015 06:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 39.0.0.5659, Zeitstempel: 0x55934d06
Name des fehlerhaften Moduls: mozalloc.dll, Version: 39.0.0.5659, Zeitstempel: 0x55933a83
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1c28
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/21/2015 06:54:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 524
Startzeit: 01d0c3d5bae738f2
Endzeit: 24
Anwendungspfad: C:\windows\system32\DllHost.exe
Berichts-ID: 1820c3e0-2fc9-11e5-b750-3c77e6cccfa1
Error: (07/21/2015 06:21:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/23/2015 03:58:42 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{1272DC04-81FF-4FFF-BB08-2B9CE0C022C8}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (07/23/2015 03:56:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
Error: (07/23/2015 03:54:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (07/23/2015 03:54:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (07/23/2015 03:54:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/23/2015 03:54:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/23/2015 03:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/23/2015 03:54:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (07/23/2015 03:54:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\windows\System32\bcmihvsrv64.dll
Error: (07/23/2015 03:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Microsoft Office:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-07-22 19:30:10.474
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-07-22 19:30:10.411
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-07-22 19:16:21.188
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-22 19:16:21.119
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-22 19:16:20.955
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-22 19:15:59.292
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-22 19:12:15.945
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-22 19:12:15.778
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-22 19:12:15.715
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-22 19:12:15.578
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 54%
Total physical RAM: 3975.55 MB
Available physical RAM: 1819.56 MB
Total Virtual: 7949.29 MB
Available Virtual: 4878.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:443.77 GB) (Free:250.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.7 GB) (Free:3.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50318F85)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End of log ============================
|
|
24.07.2015, 06:49
| #12 |
| /// the machine /// TB-Ausbilder | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PCESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.07.2015, 11:17
| #13 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Hier schon mal der Eset Log. Offensichtliche Probleme habe ich aktuelle keine mehr. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3f02c285a8f8654e8ef983238bd6c53d
# end=init
# utc_time=2015-07-24 06:53:24
# local_time=2015-07-24 08:53:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24953
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3f02c285a8f8654e8ef983238bd6c53d
# end=updated
# utc_time=2015-07-24 06:55:15
# local_time=2015-07-24 08:55:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3f02c285a8f8654e8ef983238bd6c53d
# engine=24953
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-24 09:04:57
# local_time=2015-07-24 11:04:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1802 16775165 100 99 8509 208400002 1259 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 189358547 0 0
# scanned=282051
# found=19
# cleaned=0
# scan_time=7781
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Christian\AppData\Local\nsh77B.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Christian\AppData\Local\nss1E17.tmp.vir"
sh=DF678B81D0A2C063E5467C5113DCCFF238B44DC4 ft=1 fh=55941976f4437196 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\swsetup\WinZBas\Setup.exe"
sh=9ABBAF453246D0C43D62E3A372F40807FB500BCD ft=1 fh=c71c0011f21cd2d8 vn="Win32/AnyProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\AnyProtect[2].exe"
sh=6322A72FFA75C7918987716476EE9F61AC067A79 ft=1 fh=f5ba4225b9d13d5f vn="Variante von Win32/TrojanDropper.Addrop.J Trojaner" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\Bundle_Solimba_SpaceSoundPro[1].exe"
sh=1F0F66473D3309392CB205F8D9AB8901AF478A53 ft=1 fh=187ca44c58992790 vn="Variante von Win32/Adware.ConvertAd.VE Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\FriendlyError_s3[1].exe"
sh=AC597FF4CDB2DDBF589DF3B167DB49829DF30F81 ft=1 fh=3993e54b2ba8c468 vn="Variante von Win32/Adware.ConvertAd.RU Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\SearchUpdater[1].exe"
sh=F2182838BD936FAA36F5C8F976CF1B3F42A9F712 ft=1 fh=e999df6207ddd8f8 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\setup_gmsd_de[1].exe"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\AnyProtectSetup[1].exe"
sh=55A5543C623435AAD73B41DF9DCD3E63DB6BCC5E ft=1 fh=336df5184cceecb0 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\OptimizerPro[1].exe"
sh=3705670AF8CD8741D870A62B421EC5696A97BEFC ft=1 fh=097437150c7024d4 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\SmartWebInstaller[1].exe"
sh=1C236AAE6E828005186C0AAA77D7FD71746CF92E ft=1 fh=51a550cb2becbd84 vn="Win32/Packed.ScrambleWrapper.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\mini_installer[1].exe"
sh=38589E87AC387B691F4F99F0420A49A50AD52995 ft=1 fh=0d68d3f5dc74fddb vn="Win32/Adware.ConvertAd.ST Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\policyname[1].exe"
sh=7CA831E2F18883A6327654E9F8E6B2E0400B6716 ft=1 fh=f4d71f8d6cedd4d1 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\setup[1].exe"
sh=5B402E290F5AD46623285D50DC15F86F1DD61CF9 ft=1 fh=7052bcf69de9ad90 vn="Variante von Win32/Adware.Vitruvian.F Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRRHSAOH\wordsurfer-setup-1.10.0.19[1].exe"
sh=57DD0B259A525D63F8C444E2511599AA592B8B9A ft=1 fh=3d4711b660521108 vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Temp\newversion.exe"
sh=DC5064BB559CAEB7675120C79A3B3576012636D2 ft=1 fh=ef4354977cc176ab vn="Win32/Adware.ConvertAd.RS Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Temp\nsmBE57.tmp"
sh=18B227CEA734E1A98F53CAD4BEDF30531D0F13B8 ft=1 fh=a56cdfff072efa92 vn="Win32/Adware.ConvertAd.RS Anwendung" ac=I fn="C:\Users\Christian\AppData\Local\Temp\nsr3DB.tmp"
sh=ED5C7FA74CB6DCD8F9AFEACDF9A3B8E5B395C832 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\1173ed.msi"
Code:
ATTFilter Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.209
Adobe Reader XI
Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Christian (administrator) on CW-NOTEBOOK on 24-07-2015 12:16:10
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian (Available Profiles: Christian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Esker S.A.) C:\Program Files (x86)\Esker\Common\ESLCBcst.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(hxxp://shotty.devs-on.net) C:\Program Files\Shotty\Shotty.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Esker S. A.) C:\Program Files (x86)\Esker\SmarTerm\STOFFICE.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
() C:\Users\Christian\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-07-22] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-11-22] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-09-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-11-22] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-09-09] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-22] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2013-11-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DR-C125 CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\DRC125\TouchDR.exe [892928 2011-06-03] (Canon Electronics Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Run: [Shotty] => C:\Program Files\Shotty\Shotty.exe [724480 2013-11-24] (hxxp://shotty.devs-on.net)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-11-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-263877971-3702004810-1081422831-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-22] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll No File
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1272DC04-81FF-4FFF-BB08-2B9CE0C022C8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{20C5A63C-BF94-49FA-8CEF-BC4163F6F7A8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{A6E50E83-F1D5-4553-8EB9-1FC45879DB89}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{B9459966-CA3A-49A1-AF3E-0C4E12084836}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}: [NameServer] 52.18.92.32,8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default
FF Homepage: https://www.malwarebytes.org/restorebrowser/&ts=1437476702&z=b89e3a9e1cb3f3cfe729e72g2z6c7m5z5m3q0q9mbe&from=face&uid=WDCXWD5000BPKT-60PK4T0_WD-WX41A93A5314A5314
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-22] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-22] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-07-20] (Digital Persona, Inc.)
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\searchplugins\ecosia.xml [2014-09-16]
FF Extension: Disconnect - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\2.0@disconnect.me [2015-03-04]
FF Extension: Disconnect Search - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\search@disconnect.me [2015-03-04]
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\artur.dubovoy@gmail.com [2015-05-29]
FF Extension: PlayOn - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\Extensions\playonplugin@playon.tv [2014-09-08]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-11-22]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bqu534lq.default\extensions\defsearchp@gmail.com
FF HKU\S-1-5-21-263877971-3702004810-1081422831-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2013-11-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 Disconnect Desktop Updater; C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-02-27] (Disconnect)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.)
R2 EskerLicenseControl; C:\Program Files (x86)\Esker\Common\eslcbcst.exe [315479 2008-08-25] (Esker S.A.) [File not signed]
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1127800 2012-01-27] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-01-27] (Infineon Technologies AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-22] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\Disconnect\Disconnect Desktop\openvpn\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-01-27] (Infineon Technologies AG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-07-22] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2013-11-22] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2013-11-22] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-09-09] (Broadcom Corporation.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R1 tcpipBM; C:\windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [14000 2008-07-08] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-24 12:13 - 2015-07-24 12:13 - 00852662 _____ C:\Users\Christian\Downloads\SecurityCheck.exe
2015-07-24 09:03 - 2015-07-24 09:03 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-24 08:52 - 2015-07-24 08:52 - 02870984 _____ (ESET) C:\Users\Christian\Downloads\esetsmartinstaller_deu.exe
2015-07-23 16:04 - 2015-07-23 16:05 - 00057043 _____ C:\Users\Christian\Downloads\Addition.txt
2015-07-23 16:03 - 2015-07-24 12:16 - 00029159 _____ C:\Users\Christian\Downloads\FRST.txt
2015-07-23 14:03 - 2015-07-23 14:03 - 00000000 ____D C:\ProgramData\MediaMall
2015-07-23 14:00 - 2015-07-23 14:00 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Christian\Downloads\JRT.exe
2015-07-23 09:22 - 2015-07-23 09:22 - 02248704 _____ C:\Users\Christian\Downloads\AdwCleaner_4.208.exe
2015-07-23 09:08 - 2015-07-23 09:08 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-07-23 08:45 - 2015-07-23 08:45 - 00003276 _____ C:\windows\System32\Tasks\{DAF7E351-6B08-46E9-B353-55E4A0C5E789}
2015-07-22 19:56 - 2015-07-22 19:56 - 00049680 _____ C:\ComboFix.txt
2015-07-22 19:17 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-07-22 19:17 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-07-22 19:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-07-22 19:17 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-07-22 19:16 - 2015-07-22 19:57 - 00000000 ____D C:\Qoobox
2015-07-22 19:14 - 2015-07-22 19:50 - 00000000 ____D C:\windows\erdnt
2015-07-22 19:12 - 2015-07-22 19:12 - 05632853 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2015-07-22 19:05 - 2015-07-22 19:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-22 19:04 - 2015-07-22 19:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian\Downloads\revosetup95.exe
2015-07-21 18:32 - 2015-07-21 18:32 - 00152240 _____ C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-21 18:20 - 2015-07-24 08:37 - 00000392 _____ C:\windows\setupact.log
2015-07-21 18:20 - 2015-07-21 18:20 - 00000000 _____ C:\windows\setuperr.log
2015-07-21 18:19 - 2015-07-23 15:55 - 00085582 _____ C:\windows\PFRO.log
2015-07-21 18:19 - 2015-07-21 18:20 - 00570816 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-21 17:39 - 2015-07-21 17:39 - 00380416 _____ C:\Users\Christian\Downloads\lwx3kwsc.exe
2015-07-21 17:28 - 2015-07-21 17:28 - 02135552 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-07-21 17:25 - 2015-07-21 17:25 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2015-07-21 15:28 - 2015-07-21 15:28 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files\iTunes
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files\iPod
2015-07-21 15:28 - 2015-07-21 15:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-21 14:04 - 2015-07-21 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-21 14:04 - 2015-07-21 14:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 _____ C:\windows\prleth.sys
2015-07-21 13:05 - 2015-07-21 13:05 - 00000000 _____ C:\windows\hgfs.sys
2015-07-21 12:33 - 2015-07-21 12:33 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Opera Software
2015-07-21 12:33 - 2015-07-21 12:33 - 00000000 ____D C:\Users\Christian\AppData\Local\Opera Software
2015-07-21 12:32 - 2015-07-21 12:35 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-21 12:30 - 2015-07-21 12:35 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2015-07-21 12:30 - 2015-07-21 12:30 - 00000000 ____D C:\Users\Christian\Documents\eRightSoft
2015-07-21 12:30 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\windows\SysWOW64\pncrt.dll
2015-07-21 12:30 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\drvc.dll
2015-07-21 09:42 - 2015-07-21 12:11 - 2152198208 _____ C:\Users\Christian\Desktop\Wiedemann Image Film.mov
2015-07-21 09:13 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-07-21 09:13 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-21 09:13 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-07-21 09:13 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-07-21 09:13 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-07-21 09:13 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-21 09:13 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-07-21 09:13 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-07-21 09:13 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-21 09:13 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-16 14:35 - 2015-07-16 14:36 - 00000000 ____D C:\Users\Christian\Desktop\Wirtschaftspreis
2015-07-16 10:07 - 2015-07-16 13:06 - 00125980 _____ C:\Users\Christian\Desktop\Liquidtätsplan Kopie leer.xlsx
2015-07-16 08:53 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-16 08:53 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-16 08:53 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-16 08:53 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-07-16 08:53 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-16 08:53 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-16 08:53 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-16 08:53 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-07-16 08:53 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-16 08:53 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-16 08:53 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-16 08:53 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-16 08:53 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-16 08:53 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-16 08:53 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-16 08:53 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-07-16 08:53 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-07-16 08:53 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-07-16 08:53 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-07-16 08:53 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-07-16 08:53 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-07-16 08:53 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-07-16 08:53 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-07-16 08:53 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-07-16 08:53 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-07-16 08:53 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-07-16 08:53 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-16 08:53 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-07-16 08:53 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-07-16 08:53 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-07-16 08:53 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-07-16 08:53 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-07-16 08:53 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-16 08:53 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-16 08:53 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-16 08:53 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-07-16 08:53 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-16 08:53 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-07-16 08:53 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-16 08:53 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-16 08:53 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-16 08:53 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-16 08:53 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-07-16 08:53 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-07-16 08:53 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-16 08:53 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-07-16 08:53 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-07-16 08:53 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-16 08:53 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-07-16 08:53 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-07-16 08:53 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-16 08:53 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-07-16 08:53 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-07-16 08:53 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-16 08:53 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-07-16 08:53 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-16 08:53 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-16 08:53 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-16 08:53 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-16 08:53 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-16 08:53 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-07-16 08:53 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-16 08:53 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-07-16 08:53 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-16 08:53 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-16 08:53 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-16 08:53 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-07-16 08:53 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-07-16 08:53 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-07-16 08:53 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-16 08:53 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-07-16 08:53 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-07-16 08:53 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-16 08:53 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-07-16 08:53 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-16 08:53 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-16 08:53 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-16 08:53 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-16 08:53 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-16 08:53 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-16 08:53 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-16 08:53 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-07-16 08:53 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-16 08:53 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-16 08:53 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-16 08:53 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-16 08:53 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-07-16 08:53 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-07-16 08:52 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-07-16 08:52 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-16 08:52 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-16 08:52 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-07-16 08:52 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-07-16 08:52 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-16 08:52 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-16 08:52 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-16 08:52 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-07-16 08:52 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-16 08:52 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-07-16 08:52 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-07-14 21:59 - 2015-07-14 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-14 21:59 - 2015-07-14 21:59 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-10 09:59 - 2015-07-23 16:51 - 00000000 ____D C:\Users\Christian\Desktop\Skoda
2015-07-07 10:47 - 2015-07-07 10:47 - 00013204 _____ C:\Users\Christian\Documents\Email BF stand 07.07.15.xlsx
2015-07-07 10:26 - 2015-07-07 10:27 - 00000000 ____D C:\Users\Christian\Desktop\Musik Basti
2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Defrag
2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAM Defrag
2015-07-01 10:56 - 2015-07-01 10:56 - 00000000 ____D C:\Program Files (x86)\RAM Defrag
2015-07-01 10:56 - 2006-06-04 18:33 - 00081920 _____ C:\windows\SysWOW64\GkSui20.EXE
2015-06-29 09:22 - 2015-06-29 09:39 - 00000000 ____D C:\Users\Christian\Desktop\Fotos Sommerfest
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-24 12:16 - 2015-04-22 11:19 - 00000000 ____D C:\FRST
2015-07-24 11:54 - 2015-06-18 15:43 - 00001240 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA.job
2015-07-24 10:46 - 2013-11-18 13:11 - 00003958 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{43550C9A-71F1-4A37-9F36-CF91E81C2D37}
2015-07-24 10:32 - 2013-11-03 04:05 - 01772013 _____ C:\windows\WindowsUpdate.log
2015-07-24 09:03 - 2013-11-27 10:09 - 00000000 ___RD C:\Users\Christian\Dropbox
2015-07-24 09:03 - 2013-11-27 09:55 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Dropbox
2015-07-24 08:48 - 2009-07-14 06:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-24 08:48 - 2009-07-14 06:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-24 08:42 - 2013-11-18 15:42 - 00000000 ____D C:\Users\Christian\AppData\Local\LogMeIn Hamachi
2015-07-24 08:37 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-23 16:53 - 2015-02-26 10:37 - 00000000 ____D C:\Users\Christian\Documents\BErg
2015-07-23 16:52 - 2014-11-04 18:12 - 00000000 ____D C:\Users\Christian\Documents\Haus
2015-07-23 16:52 - 2014-09-20 15:33 - 00000000 ____D C:\Users\Christian\Documents\MTB
2015-07-23 15:57 - 2013-11-26 18:24 - 00000181 _____ C:\windows\setscan.ini
2015-07-23 15:54 - 2014-09-16 21:24 - 00000000 ____D C:\AdwCleaner
2015-07-23 15:51 - 2014-09-16 09:42 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 15:51 - 2014-01-19 12:38 - 00001160 _____ C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-23 15:51 - 2013-11-18 15:18 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-23 15:51 - 2013-11-18 13:11 - 00001421 _____ C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-23 14:03 - 2014-09-08 15:57 - 00000000 ____D C:\Program Files (x86)\MediaMall
2015-07-23 13:54 - 2015-06-18 15:43 - 00001188 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core.job
2015-07-23 13:10 - 2009-07-14 05:20 - 00000000 ____D C:\windows\TAPI
2015-07-23 13:09 - 2013-11-18 13:07 - 00000000 ____D C:\Users\Christian
2015-07-23 08:59 - 2013-11-03 04:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-07-23 08:59 - 2013-04-14 01:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-23 08:59 - 2013-04-14 00:45 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-22 19:57 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-22 19:36 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-07-21 18:20 - 2013-04-14 01:38 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-21 16:45 - 2014-09-16 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-21 16:45 - 2014-09-16 09:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-21 16:37 - 2013-04-13 22:35 - 00703214 _____ C:\windows\system32\perfh007.dat
2015-07-21 16:37 - 2013-04-13 22:35 - 00150822 _____ C:\windows\system32\perfc007.dat
2015-07-21 16:37 - 2009-07-14 07:13 - 01629436 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-21 15:28 - 2015-04-23 09:22 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-21 15:28 - 2013-11-22 16:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-21 09:02 - 2013-04-14 01:38 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-21 09:02 - 2013-04-14 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-21 09:02 - 2013-04-14 01:38 - 00003770 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-20 14:35 - 2013-11-24 18:21 - 00003210 _____ C:\windows\System32\Tasks\HPCeeScheduleForChristian
2015-07-20 14:35 - 2013-11-24 18:21 - 00000348 _____ C:\windows\Tasks\HPCeeScheduleForChristian.job
2015-07-20 14:13 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-07-20 13:49 - 2015-06-18 15:43 - 00004218 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001UA
2015-07-20 13:49 - 2015-06-18 15:43 - 00003822 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-263877971-3702004810-1081422831-1001Core
2015-07-20 11:02 - 2013-11-21 17:11 - 00002036 ____H C:\Users\Christian\Documents\Default.rdp
2015-07-20 08:52 - 2013-11-21 16:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 19:31 - 2013-11-20 08:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 19:27 - 2013-11-18 15:40 - 00000000 ____D C:\windows\system32\MRT
2015-07-16 15:57 - 2014-07-30 15:24 - 00010240 _____ C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-16 08:54 - 2014-12-23 16:08 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 11:44 - 2013-12-04 10:07 - 00033856 ____H (LogMeIn, Inc.) C:\windows\system32\hamachi.sys
2015-07-14 08:34 - 2013-11-20 08:36 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-07-07 12:41 - 2014-01-20 09:52 - 32435718 _____ C:\PAGE.BMP
2015-07-07 12:41 - 2014-01-20 09:52 - 04061206 _____ C:\1BPP_0.BMP
2015-07-07 08:48 - 2013-11-25 22:14 - 00000000 ____D C:\Users\Public\Documents\Sonstigtes
2015-07-06 08:50 - 2013-11-18 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 16:18 - 2014-02-14 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 15:54 - 2013-11-25 22:14 - 00000000 ____D C:\Users\Public\Documents\Steuer
2015-07-03 08:43 - 2013-11-18 15:40 - 130333168 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-30 16:25 - 2014-08-25 12:30 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
==================== Files in the root of some directories =======
2014-07-30 15:24 - 2015-07-16 15:57 - 0010240 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-09 17:42 - 2014-12-09 17:42 - 0000870 _____ () C:\Users\Christian\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7rmcpf.dll
C:\Users\Christian\AppData\Local\Temp\newversion.exe
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\sqlite3.dll
C:\Users\Christian\AppData\Local\Temp\Uninstall.exe
C:\Users\Christian\AppData\Local\Temp\UninstallModule.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-23 09:55
==================== End of log ============================
|
|
25.07.2015, 09:58
| #14 |
| /// the machine /// TB-Ausbilder | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Java updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\swsetup\WinZBas\Setup.exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\AnyProtect[2].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\Bundle_Solimba_SpaceSoundPro[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\FriendlyError_s3[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\SearchUpdater[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\setup_gmsd_de[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\AnyProtectSetup[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\OptimizerPro[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\SmartWebInstaller[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\mini_installer[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\policyname[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\setup[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRRHSAOH\wordsurfer-setup-1.10.0.19[1].exe
C:\Users\Christian\AppData\Local\Temp\newversion.exe
C:\Users\Christian\AppData\Local\Temp\nsmBE57.tmp
C:\Users\Christian\AppData\Local\Temp\nsr3DB.tmp
C:\Windows\Installer\1173ed.msi
Tcpip\..\Interfaces\{1272DC04-81FF-4FFF-BB08-2B9CE0C022C8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{20C5A63C-BF94-49FA-8CEF-BC4163F6F7A8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{A6E50E83-F1D5-4553-8EB9-1FC45879DB89}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{B9459966-CA3A-49A1-AF3E-0C4E12084836}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}: [NameServer] 52.18.92.32,8.8.8.8
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
 Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.07.2015, 11:11
| #15 |
| | PUP.Optional.MiuiTab.A und PUP.Optional.SupTab.A und div. andere Schädlinge am PC Hi, hier schonmal das Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Christian at 2015-07-25 11:54:05 Run:1
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian (Available Profiles: Christian)
Boot Mode: Normal
==============================================
fixlist content:
*****************
C:\swsetup\WinZBas\Setup.exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\AnyProtect[2].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\Bundle_Solimba_SpaceSoundPro[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\FriendlyError_s3[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\SearchUpdater[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\setup_gmsd_de[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\AnyProtectSetup[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\OptimizerPro[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\SmartWebInstaller[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\mini_installer[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\policyname[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\setup[1].exe
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRRHSAOH\wordsurfer-setup-1.10.0.19[1].exe
C:\Users\Christian\AppData\Local\Temp\newversion.exe
C:\Users\Christian\AppData\Local\Temp\nsmBE57.tmp
C:\Users\Christian\AppData\Local\Temp\nsr3DB.tmp
C:\Windows\Installer\1173ed.msi
Tcpip\..\Interfaces\{1272DC04-81FF-4FFF-BB08-2B9CE0C022C8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{20C5A63C-BF94-49FA-8CEF-BC4163F6F7A8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{A6E50E83-F1D5-4553-8EB9-1FC45879DB89}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{B9459966-CA3A-49A1-AF3E-0C4E12084836}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}: [NameServer] 52.18.92.32,8.8.8.8
Emptytemp:
*****************
C:\swsetup\WinZBas\Setup.exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\AnyProtect[2].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\Bundle_Solimba_SpaceSoundPro[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\FriendlyError_s3[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\SearchUpdater[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FM2RBDI\setup_gmsd_de[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\AnyProtectSetup[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\OptimizerPro[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T2G7QI\SmartWebInstaller[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\mini_installer[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\policyname[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE7GSHHG\setup[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRRHSAOH\wordsurfer-setup-1.10.0.19[1].exe => moved successfully.
C:\Users\Christian\AppData\Local\Temp\newversion.exe => moved successfully.
C:\Users\Christian\AppData\Local\Temp\nsmBE57.tmp => moved successfully.
C:\Users\Christian\AppData\Local\Temp\nsr3DB.tmp => moved successfully.
C:\Windows\Installer\1173ed.msi => moved successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1272DC04-81FF-4FFF-BB08-2B9CE0C022C8}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20C5A63C-BF94-49FA-8CEF-BC4163F6F7A8}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39605FF1-DFF3-4DAF-8AF8-5A7D585CBA91}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A6E50E83-F1D5-4553-8EB9-1FC45879DB89}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B9459966-CA3A-49A1-AF3E-0C4E12084836}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2F86125-2B71-4A00-9577-F03EA9DBFC50}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EBB5D288-2BDF-49E5-A266-51FF653FBB2B}\\NameServer => value removed successfully
EmptyTemp: => 154.3 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 11:54:27 ====
Vielen herzlichen Danke für die Unterstütung. Gerne gibts dafür eine Spende!!! |
|
dann auf 
und dann auf 
. 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
