Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Google Chrome und Firefox funktionieren nach Anwendung von Malwarebytes nicht mehr (https://www.trojaner-board.de/157819-google-chrome-firefox-funktionieren-anwendung-malwarebytes-mehr.html)

RNob 20.08.2014 10:11
Google Chrome und Firefox funktionieren nach Anwendung von Malwarebytes nicht mehr
 
Hallo,

folgende Probleme hatte ich auf meinem Rechner mit dem Firefox/ Chrome und Internet Explorer: Werbung öffnete sich ständig. Neue Fenster gingen auf. Ich installierte Malwarebytes. Nach einem Virenscan verschob ich alles was gefunden wurde in Quarantäne. Werbung war nun weg. Zuerst ging der Firefox noch, dann nicht mehr. Auch andere Browser funktionieren nicht mehr. Habe Malwarebytes deinstalliert. Jetzt geht immer noch nichts mehr. Hoffe, ihr könnt mir helfen.
Ich hoffe das genügt erstmal an Informationen zum Beginnen der Hilfe.

Habe nun Schritt 1- 3 aus der Anleitung für Hilfesuchende auf meinem Rechner durchgeführt. Die Ergebnisse hänge ich euch an.

Mit freundlichen Grüßen, Robert

schrauber 20.08.2014 10:28
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

RNob 20.08.2014 10:36
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Norman at 2014-08-20 10:31:08
Running from C:\Users\Norman\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.9 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.35 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0003 - ASUS)
awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version:  - awesomehp) <==== ATTENTION
BMWi-Softwarepaket 9.1 (HKLM-x32\...\{76C11599-B4CC-4509-B93C-EA8C8D7EE56E}) (Version: 9.1.0 - A2C Software AG, Aachen)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.2 - Activision)
Call of Duty(R) 2 (x32 Version: 1.2 - Activision) Hidden
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.6 - ASUS)
CooiLSalEECoUpon (HKLM-x32\...\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}) (Version:  - CoiolSAleCoUpoN) <==== ATTENTION
CPU Miner (HKLM-x32\...\CPUMiner) (Version: 1.0 - WinTuneUp Apps. )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version:  - Oberon Media)
DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.3.3.3 - DVDVideoSoftTB)
EA Download Manager (HKLM-x32\...\InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}) (Version: 4.0.0.462 - Electronic Arts)
EA Download Manager (x32 Version: 4.0.0.462 - Electronic Arts) Hidden
ETDWare PS/2-x64 7.0.5.10_WHQL (HKLM\...\Elantech) (Version: 7.0.5.10 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.3 - Electronic Arts)
G*Power 3.1.7 (HKLM-x32\...\{80A4F598-7460-41BC-AC15-B7E4545838E4}) (Version: 3.1.7 - Franz Faul, Uni Kiel, Germany)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
IGI 2 (HKLM-x32\...\IGI 2) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version:  - )
Lernspiele Englisch (HKLM-x32\...\Lernspiele Englisch) (Version:  - )
MATLAB R2009b (HKLM\...\MatlabR2009b) (Version: 7.9 - The MathWorks, Inc.)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION
MotoGP (HKLM-x32\...\MotoGP_is1) (Version:  - THQ)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MT66 Software Update (HKLM-x32\...\{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1) (Version:  - )
Nero 7 Essentials (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21031}) (Version: 7.03.1357 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nur Deinstallierung der CopyTrans Suite möglich. (HKCU\...\CopyTrans Suite) (Version: 2.23 - WindSolutions)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
PATRIZIER II (HKLM-x32\...\PATRIZIER II_is1) (Version:  - )
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-XChange Viewer (HKLM\...\{9A5A07EC-9732-45A1-9DA9-33DE456E40CB}) (Version: 2.0.57.0 - Tracker Software Products Ltd.)
PepperZip 1.0 (HKLM-x32\...\PepperZip) (Version: 1.0 - PepperWare Co.)
Pro Evolution Soccer 2010 (HKLM-x32\...\{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}) (Version: 1.00.0000 - KONAMI)
Puran Utilities 1.0.3 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
Scan2PDF 1.6 (HKLM-x32\...\Scan2PDF_is1) (Version:  - Koma-Code)
Snap.Do (HKLM-x32\...\{17675027-B1F7-4EA3-BAFD-72E887752385}) (Version: 1.6.0.388 - ReSoft Ltd.) <==== ATTENTION
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.13.28 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.065 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.065 - Sony)
Studie zur Verbesserung von HP Deskjet 3050A J611 series Produkten (HKLM\...\{EF27865C-E636-47C4-8B35-CE8A88045681}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SweetPacks bundle uninstaller (HKLM-x32\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM-x32\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
VLC media player 1.1.2 (HKLM-x32\...\VLC media player) (Version: 1.1.2 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.1 - ASUS)
WinSpeed (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}) (Version:  - 24soft) <==== ATTENTION
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-08-2014 06:13:23 Windows Update
20-08-2014 06:31:18 Wiederherstellungsvorgang
20-08-2014 06:48:34 Windows Update
20-08-2014 07:04:09 Wiederherstellungsvorgang
20-08-2014 07:20:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {340468B9-F474-4AE9-9BD0-A2C002D348B5} - \ASP No Task File <==== ATTENTION
Task: {3EB501EF-DB60-431C-B933-E4563F76EABE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-08] (Google Inc.)
Task: {3ED39A0D-750A-4A9F-B05E-D26CEB186666} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {3F5B9083-AE21-4148-B7B4-997E4FC7D53A} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WRemoteUpdate.exe
Task: {4358E3E5-9CA1-48E2-A88F-DC0F1690F224} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {499E9417-608B-4F82-8F42-45784072372D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6E85ACA0-B527-4137-A686-AB0ED5AF777F} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-06-19] (AnyProtect by CMI) <==== ATTENTION
Task: {72857A1C-9A8E-446B-B81D-3F95A43FFC86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7540B1AE-EFEF-4B94-9830-0D09AF938341} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {7822837E-1607-4FED-8A3B-1CC0207D9F6B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {86B06355-5B78-40DB-B550-17ADE6CDBB19} - \EPUpdater No Task File <==== ATTENTION
Task: {87F05C42-EB42-42FE-B716-12173125D4C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-08] (Google Inc.)
Task: {919B53E6-0C03-457F-A060-4190C0FAD6F7} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-06-19] (AnyProtect by CMI) <==== ATTENTION
Task: {9DC0B0F6-5FDE-4D37-AC3D-5361EA784A23} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {B240F418-91F5-4638-B1AB-B2C6AC97A74E} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B48DA01E-00AB-48DC-8585-7DB3E36FDE05} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-02-08] (asus)
Task: {C320C4AC-1699-4E30-9168-0706112341FF} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WConnectorSockets.exe
Task: {C5E5F5B0-356A-437E-AB53-2D8410DD450D} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\WHomepageArmor.exe
Task: {D2C81AA9-2C08-4B83-AC7A-66C96494B4A5} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-04-09] (ATK)
Task: {D385FC90-2C02-4C74-AF60-D5ADB21E210B} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2009-11-18] (MedienTeam66)
Task: {D3B5D397-BFA4-44D2-8CDD-91F5AE3FF3B3} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-06-19] (AnyProtect by CMI) <==== ATTENTION
Task: {F09B0C3A-39C6-4E55-AE91-33DD656E8EA0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-420645628-1813877703-113317616-1001
Task: {F2B13C76-5D00-4BC9-AB81-2ADE678E909E} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{F29BB976-EE78-451D-926D-D0607B097FA2}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-04-01 18:32 - 2011-04-01 18:32 - 00053760 _____ () C:\Windows\system32\msratiog.dll
2014-08-20 07:57 - 2014-08-20 07:57 - 04304896 _____ () C:\ProgramData\WinSpeed\WinSpeed_x64.dll
2014-07-29 08:11 - 2014-07-28 20:24 - 04795904 _____ () C:\Windows\score.exe
2012-04-18 10:29 - 2012-01-17 18:49 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-06-08 23:07 - 2010-06-08 23:07 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-06-08 23:07 - 2010-06-08 23:07 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-07-23 12:50 - 2014-07-23 12:50 - 00121344 _____ () C:\Program Files (x86)\PepperZip\shell\PPZShellExtension_x64.dll
2010-06-08 23:31 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-02-04 02:14 - 2010-02-04 02:14 - 00033792 _____ () C:\Program Files\P4G\OvrClk.dll
2010-01-05 02:43 - 2010-01-05 02:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-04-10 17:40 - 2011-04-10 17:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-11 10:15 - 2014-03-13 10:49 - 00764096 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2014-08-20 07:57 - 2014-08-20 07:57 - 04127232 _____ () c:\ProgramData\WinSpeed\WinSpeed.dll
2014-08-20 07:57 - 2014-08-20 07:57 - 00186192 _____ () c:\ProgramData\WinSpeed\WinSpeedSvc.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-03 01:51 - 2010-02-03 01:51 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-13 13:40 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 13:40 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 13:40 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 13:40 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 13:40 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-03-11 10:15 - 2014-03-13 10:49 - 00065728 _____ () C:\Program Files (x86)\Mobogenie\Device.dll
2014-03-11 10:15 - 2014-03-13 10:49 - 00474816 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-420645628-1813877703-113317616-1001\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: BrowserSafeguard => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: facemoods => "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe" /md I
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2014 09:33:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059

Error: (08/20/2014 09:33:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059

Error: (08/20/2014 09:33:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2014 09:33:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (08/20/2014 09:33:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (08/20/2014 09:33:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2014 07:52:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63034279

Error: (08/20/2014 07:52:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63034279

Error: (08/20/2014 07:52:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2014 07:52:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63033265


System errors:
=============
Error: (08/20/2014 10:26:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/20/2014 10:25:39 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/20/2014 09:23:58 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

        Feature: %%886

        Fehlercode: 0x80070020

        Fehlerbeschreibung: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

        Grund: %%858

Error: (08/20/2014 09:11:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/20/2014 09:10:45 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/20/2014 09:09:12 AM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

        Versuchte Signaturen: %24

        Fehlercode: 0x80070002

        Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden.

        Signaturversion: 0.0.0.0;0.0.0.0

        Modulversion: %600

Error: (08/20/2014 09:00:15 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (08/20/2014 08:58:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/20/2014 08:56:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "MBAMService" wurde nicht richtig gestartet.

Error: (08/20/2014 08:55:37 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (06/27/2012 05:22:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/27/2012 07:44:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 70 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/27/2012 07:44:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 72 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/17/2011 08:20:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/16/2011 10:29:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/04/2011 00:12:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1585 seconds with 960 seconds of active time.  This session ended with a crash.

Error: (09/22/2011 11:53:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 209 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (08/27/2011 06:09:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/13/2011 06:05:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (07/05/2011 02:01:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3884.55 MB
Available physical RAM: 1714.91 MB
Total Pagefile: 7767.29 MB
Available Pagefile: 5157.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:285.56 GB) NTFS
Drive g: (CANON_DC) (Removable) (Total:0.95 GB) (Free:0.37 GB) FAT
Drive h: (ROBERT) (Removable) (Total:14.44 GB) (Free:8.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 968.8 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 14.5 GB) (Disk ID: F716AB20)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)

==================== End Of Log ============================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:21 on 20/08/2014 (Norman)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

RNob 20.08.2014 10:37

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Norman (administrator) on ROBERT on 20-08-2014 10:29:29
Running from C:\Users\Norman\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\score.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [764096 2014-03-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\Run: [GoogleChromeAutoLaunch_29B69EEE740A47DF7549CA7579BEBBEF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: H - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: {199fad6e-5f89-11e0-bc40-485b395fdc69} - G:\SETUP.EXE
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: {811f5be9-3175-11e1-9993-485b395fdc69} - F:\Startme.exe
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: {9e61451a-e3fa-11df-acb8-001e101f2c0e} - F:\USBAutoRun.exe
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: {bf537bf7-d7b5-11df-a63a-485b395fdc69} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: {bf537c8a-d7b5-11df-a63a-485b395fdc69} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: {cb41fb04-daca-11df-88df-485b395fdc69} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\MountPoints2: {ea323089-2600-11e0-9876-485b395fdc69} - I:\setup_vmc_lite.exe /checkApplicationPresence
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [95848 2010-03-27] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~3\WinSpeed\WINSPE~1.DLL => C:\ProgramData\WinSpeed\WinSpeed_x64.dll [4304896 2014-08-20] ()
AppInit_DLLs-x32: c:\progra~3\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394522550&from=adks&uid=ST9500325AS_6VE7HBS1XXXX6VE7HBS1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.7&ts=1.000008&tguid=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.7&ts=1.000008&tguid=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\SecureAssist.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 02 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 03 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 04 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Winsock: Catalog9-x64 15 C:\Windows\system32\SecureAssist64.dll [338120] (SecureAssist)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default
FF NewTab: about:home
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Extension: Widget context - C:\Users\Norman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-05]
FF Extension: deal4me - C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\Extensions\vamchw@ovy.co.uk [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF HKCU\...\Firefox\Extensions: [{550bb1da-ebf2-411a-bf29-902df8b1066c}] - C:\Program Files (x86)\Re-markit-soft\157.xpi

Chrome:
=======
CHR HomePage: hxxp://start.androidnewtab.com/?1=1__PARAM__
CHR StartupUrls: "about:newtab?source=home"
CHR NewTab: "chrome-extension://mmmdbehjiieocihhncnaggngbccgdcpo/bundler/newtab.html", "chrome-extension://jlceijfdfeghdhmmbhbcffanmcggoojf/bundler/newtab.html"
CHR DefaultSearchKeyword: search.certified-toolbar.com
CHR DefaultSearchProvider: Web Search
CHR DefaultSearchURL: hxxp://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403128800000.000008&tguid=82443-24086-1403180553023-A2CB6C8DBEA53F83093D8CA04D4D2B61&q={searchTerms}
CHR DefaultSuggestURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-05]
CHR Extension: (Google Drive) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (YouTube) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Web Search) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\canneacfbhohinchadcbleedjidnpejc [2014-08-04]
CHR Extension: (Super Tab Homepage) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cchedanbhebbgjmnhcpmpcniijnfbdha [2014-08-04]
CHR Extension: (Google-Suche) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (video MediaPlayer) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb [2014-06-24]
CHR Extension: (Follow) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2014-08-19]
CHR Extension: (Web Search) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf [2014-06-19]
CHR Extension: (vshare plugin) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2013-06-05]
CHR Extension: (Super Tab) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdbehjiieocihhncnaggngbccgdcpo [2014-08-04]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (Google Wallet) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Widget context) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-03-05]
CHR Extension: (Color Icons for Gmail) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn [2014-08-18]
CHR Extension: (Google Mail) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Norman\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [bciilgdpfoijonnahfpinfnhpckkokna] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home9526\ch\MediaWatchV1home9526.crx [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [ejdbaenpnnpklfljeihebmljibepmimo] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7295\ch\MediaBuzzV1mode7295.crx [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]
CHR HKLM-x32\...\Chrome\Extension: [ldjojcbkmecbbllcopnbbkanahggohkj] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha6977\ch\TrustMediaViewerV1alpha6977.crx [2011-08-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-20] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2012-08-13] (Puran Software) [File not signed]
R2 scores; C:\Windows\score.exe [4795904 2014-07-28] () [File not signed]
S3 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2012-01-17] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-30] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
U3 tmlwf;
U3 tmwfp;
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 10:29 - 2014-08-20 10:30 - 00027354 _____ () C:\Users\Norman\Desktop\FRST.txt
2014-08-20 10:27 - 2014-08-20 10:29 - 00000000 ____D () C:\FRST
2014-08-20 10:21 - 2014-08-20 10:21 - 00000584 _____ () C:\Users\Norman\Desktop\defogger_disable.log
2014-08-20 10:21 - 2014-08-20 10:21 - 00000020 _____ () C:\Users\Norman\defogger_reenable
2014-08-20 10:19 - 2014-08-20 10:19 - 00380416 _____ () C:\Users\Norman\Desktop\Gmer-19357.exe
2014-08-20 10:18 - 2014-08-20 10:18 - 02101760 _____ (Farbar) C:\Users\Norman\Desktop\FRST64.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 00050477 _____ () C:\Users\Norman\Desktop\Defogger.exe
2014-08-20 10:02 - 2014-08-20 10:02 - 00096430 _____ () C:\Users\Norman\Desktop\Extras.Txt
2014-08-20 09:59 - 2014-08-20 09:59 - 00142852 _____ () C:\Users\Norman\Desktop\OTL.Txt
2014-08-20 09:38 - 2014-08-20 09:38 - 00602112 _____ (OldTimer Tools) C:\Users\Norman\Desktop\otl.exe
2014-08-20 07:57 - 2014-08-20 09:07 - 00000000 ____D () C:\ProgramData\WinSpeed
2014-08-20 07:57 - 2014-08-20 07:57 - 00000000 ____D () C:\ProgramData\374311380
2014-08-19 08:05 - 2014-08-20 09:07 - 00000000 ____D () C:\ProgramData\CooiLSalEECoUpon
2014-08-18 12:20 - 2014-08-20 09:07 - 00000000 ____D () C:\ProgramData\8e27c8f07b9e9861
2014-08-17 13:50 - 2014-08-17 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-14 08:32 - 2014-08-14 08:32 - 01058200 _____ (Adobe) C:\Users\Norman\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-08-13 14:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 14:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 14:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 14:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 14:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 14:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 14:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 13:15 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:15 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:14 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:14 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:12 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:12 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:12 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:12 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 13:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:11 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:11 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:11 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:11 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:11 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:11 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:11 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:11 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:11 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:11 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:11 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:11 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:11 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:11 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:11 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:11 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:11 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:11 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:11 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:11 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:11 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:11 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:11 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:11 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:11 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:11 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:11 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:11 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:11 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:11 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:11 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:11 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:11 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:11 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:11 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:11 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:11 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:11 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:11 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:11 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:11 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:11 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:11 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:11 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:11 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:11 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:11 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:11 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:11 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:11 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:11 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:11 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:11 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:11 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:11 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:11 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:05 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:05 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:05 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-13 13:05 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-13 13:05 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-13 13:05 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-13 13:04 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:04 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 12:59 - 2014-08-06 13:00 - 00000000 ____D () C:\Users\Norman\Downloads\FM 2013
2014-08-06 12:59 - 2014-08-06 12:59 - 00921280 _____ () C:\Users\Norman\Downloads\FM 2013.rar
2014-08-06 12:59 - 2014-08-06 12:59 - 00183405 _____ () C:\Users\Norman\Downloads\FM2013 1.jpeg
2014-08-06 08:02 - 2014-08-20 09:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 08:02 - 2014-08-13 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 08:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 08:00 - 2014-08-06 08:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-06 08:00 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 07:54 - 2014-08-06 07:54 - 00000687 _____ () C:\awh81A.tmp
2014-08-06 07:44 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-06 07:44 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-06 07:44 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-06 07:44 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-06 07:44 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-06 07:44 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-06 07:44 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-06 07:44 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-06 07:44 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-06 07:44 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-06 07:44 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-06 07:44 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-06 07:44 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-06 07:44 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-06 07:44 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-06 07:44 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-06 07:42 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-06 07:42 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-06 07:42 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-06 07:42 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-06 07:41 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-06 07:41 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-06 07:40 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-06 07:40 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-06 07:26 - 2014-08-06 07:26 - 00000687 _____ () C:\awh4AE4.tmp
2014-08-04 11:22 - 2014-08-04 11:22 - 00000687 _____ () C:\awh2D46.tmp
2014-08-04 07:32 - 2014-08-04 07:32 - 00000687 _____ () C:\awhCDC9.tmp
2014-08-04 07:09 - 2014-08-04 07:09 - 00000687 _____ () C:\awh6C78.tmp
2014-08-02 13:29 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 13:29 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 13:29 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 13:29 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 13:29 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 13:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 13:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 13:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 13:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 13:26 - 2014-08-02 13:26 - 00000687 _____ () C:\awh4FB5.tmp
2014-07-31 08:56 - 2014-08-20 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 08:44 - 2014-07-31 08:44 - 00000687 _____ () C:\awh5292.tmp
2014-07-30 20:23 - 2014-07-30 20:23 - 00000687 _____ () C:\awhAD4E.tmp
2014-07-30 08:25 - 2014-07-30 08:25 - 00000687 _____ () C:\awh3957.tmp
2014-07-29 09:11 - 2014-07-29 09:11 - 00000687 _____ () C:\awh4587.tmp
2014-07-29 08:15 - 2014-07-29 08:15 - 00000000 ____D () C:\Users\Norman\AppData\Local\com
2014-07-29 08:13 - 2014-07-29 08:13 - 00001903 _____ () C:\Users\UpdatusUser\Desktop\NewPlayer.lnk
2014-07-29 08:12 - 2014-08-20 09:08 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-07-29 08:11 - 2014-08-06 12:25 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\VOPackage
2014-07-29 08:11 - 2014-07-29 08:11 - 00001021 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-07-29 08:11 - 2014-07-29 08:11 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-07-29 08:11 - 2014-07-29 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-07-29 08:11 - 2014-07-29 08:11 - 00000000 ____D () C:\Program Files (x86)\PepperZip
2014-07-29 08:11 - 2014-07-28 20:24 - 04795904 _____ () C:\Windows\score.exe
2014-07-29 08:10 - 2014-07-29 08:10 - 00000687 _____ () C:\awh1812.tmp
2014-07-29 08:09 - 2014-07-29 08:09 - 01505024 _____ () C:\Users\Norman\Downloads\Player Setup.exe
2014-07-28 07:13 - 2014-07-28 07:13 - 00000687 _____ () C:\awh17F2.tmp
2014-07-27 20:10 - 2014-07-27 20:10 - 00000687 _____ () C:\awh63A2.tmp
2014-07-27 18:56 - 2014-07-27 18:56 - 00000687 _____ () C:\awh5C71.tmp
2014-07-27 11:26 - 2014-07-27 11:26 - 00000687 _____ () C:\awh26C1.tmp
2014-07-26 12:38 - 2014-07-26 12:38 - 00000687 _____ () C:\awh6315.tmp
2014-07-25 17:47 - 2014-07-25 17:47 - 00000687 _____ () C:\awh1525.tmp
2014-07-25 07:50 - 2014-07-25 07:50 - 00000687 _____ () C:\awh20F7.tmp
2014-07-24 18:49 - 2014-07-24 18:49 - 00000687 _____ () C:\awh7FC9.tmp
2014-07-24 08:47 - 2014-07-24 08:47 - 00000687 _____ () C:\awh3C06.tmp
2014-07-23 08:18 - 2014-07-23 08:18 - 00000687 _____ () C:\awh15E0.tmp
2014-07-21 19:35 - 2014-07-21 19:35 - 00000687 _____ () C:\awh4A3D.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 10:30 - 2014-08-20 10:29 - 00027354 _____ () C:\Users\Norman\Desktop\FRST.txt
2014-08-20 10:29 - 2014-08-20 10:27 - 00000000 ____D () C:\FRST
2014-08-20 10:29 - 2010-06-08 22:48 - 01615503 _____ () C:\Windows\WindowsUpdate.log
2014-08-20 10:24 - 2010-06-08 23:07 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-20 10:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 10:24 - 2009-07-14 06:51 - 00419139 _____ () C:\Windows\setupact.log
2014-08-20 10:24 - 2009-07-14 06:45 - 00435744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-20 10:22 - 2010-06-08 23:14 - 01185340 _____ () C:\Windows\PFRO.log
2014-08-20 10:21 - 2014-08-20 10:21 - 00000584 _____ () C:\Users\Norman\Desktop\defogger_disable.log
2014-08-20 10:21 - 2014-08-20 10:21 - 00000020 _____ () C:\Users\Norman\defogger_reenable
2014-08-20 10:21 - 2010-10-13 16:57 - 00000000 ____D () C:\Users\Norman
2014-08-20 10:19 - 2014-08-20 10:19 - 00380416 _____ () C:\Users\Norman\Desktop\Gmer-19357.exe
2014-08-20 10:18 - 2014-08-20 10:18 - 02101760 _____ (Farbar) C:\Users\Norman\Desktop\FRST64.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 00050477 _____ () C:\Users\Norman\Desktop\Defogger.exe
2014-08-20 10:02 - 2014-08-20 10:02 - 00096430 _____ () C:\Users\Norman\Desktop\Extras.Txt
2014-08-20 09:59 - 2014-08-20 09:59 - 00142852 _____ () C:\Users\Norman\Desktop\OTL.Txt
2014-08-20 09:46 - 2012-11-17 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 09:38 - 2014-08-20 09:38 - 00602112 _____ (OldTimer Tools) C:\Users\Norman\Desktop\otl.exe
2014-08-20 09:38 - 2010-06-08 23:07 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-20 09:19 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-20 09:16 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 09:16 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 09:08 - 2014-08-06 08:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 09:08 - 2014-07-29 08:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-08-20 09:07 - 2014-08-20 07:57 - 00000000 ____D () C:\ProgramData\WinSpeed
2014-08-20 09:07 - 2014-08-19 08:05 - 00000000 ____D () C:\ProgramData\CooiLSalEECoUpon
2014-08-20 09:07 - 2014-08-18 12:20 - 00000000 ____D () C:\ProgramData\8e27c8f07b9e9861
2014-08-20 09:07 - 2012-04-18 10:29 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-20 09:07 - 2011-01-09 18:46 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\vlc
2014-08-20 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-20 07:57 - 2014-08-20 07:57 - 00000000 ____D () C:\ProgramData\374311380
2014-08-20 07:52 - 2011-07-03 19:09 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-08-19 08:09 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-08-18 11:20 - 2011-09-27 21:19 - 00000000 ____D () C:\Program Files (x86)\vShare.tv plugin
2014-08-18 11:20 - 2011-08-23 08:48 - 00000000 ____D () C:\Program Files (x86)\ConduitEngine
2014-08-18 10:24 - 2012-12-08 11:24 - 00000316 _____ () C:\Windows\Tasks\MT66 Software Update.job
2014-08-18 07:40 - 2009-08-04 11:51 - 01760266 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 07:40 - 2009-08-04 11:51 - 00488386 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 07:40 - 2009-07-14 07:13 - 00006492 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 13:50 - 2014-08-17 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-16 10:47 - 2014-06-19 14:23 - 00000000 ____D () C:\temp
2014-08-14 08:32 - 2014-08-14 08:32 - 01058200 _____ (Adobe) C:\Users\Norman\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-08-14 08:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 20:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 14:23 - 2011-01-20 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 14:13 - 2013-08-13 09:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 14:09 - 2010-10-13 17:55 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 14:00 - 2014-05-06 23:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 12:51 - 2014-03-11 10:15 - 00000000 ____D () C:\Users\Norman\AppData\Local\Mobogenie
2014-08-13 12:46 - 2014-08-06 08:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 12:46 - 2014-03-11 10:15 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-08-13 12:46 - 2011-01-20 11:10 - 00000000 ____D () C:\Users\Norman\AppData\Local\Microsoft Help
2014-08-07 04:06 - 2014-08-13 13:04 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 13:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 13:00 - 2014-08-06 12:59 - 00000000 ____D () C:\Users\Norman\Downloads\FM 2013
2014-08-06 12:59 - 2014-08-06 12:59 - 00921280 _____ () C:\Users\Norman\Downloads\FM 2013.rar
2014-08-06 12:59 - 2014-08-06 12:59 - 00183405 _____ () C:\Users\Norman\Downloads\FM2013 1.jpeg
2014-08-06 12:30 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-08-06 12:29 - 2014-02-26 10:45 - 00002032 _____ () C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2014-08-06 12:26 - 2014-07-18 17:02 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-06 12:26 - 2014-06-19 14:22 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-06 12:26 - 2014-04-25 14:05 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1
2014-08-06 12:26 - 2014-03-27 07:55 - 00000000 ____D () C:\Program Files (x86)\MediaWatchV1
2014-08-06 12:26 - 2014-03-11 10:04 - 00000000 ____D () C:\Program Files\Conduit
2014-08-06 12:26 - 2013-03-19 20:03 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\BabSolution
2014-08-06 12:26 - 2012-10-25 08:10 - 00000000 ____D () C:\Program Files (x86)\SweetIM
2014-08-06 12:26 - 2012-05-30 08:30 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\Systweak
2014-08-06 12:26 - 2011-08-23 08:48 - 00000000 ____D () C:\Users\Norman\AppData\Local\Conduit
2014-08-06 12:26 - 2010-11-12 16:40 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-08-06 12:25 - 2014-07-29 08:11 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\VOPackage
2014-08-06 12:25 - 2014-06-19 14:24 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\SimplyTech
2014-08-06 12:25 - 2014-03-11 10:15 - 00000000 ____D () C:\Windows\SysWOW64\dfrg
2014-08-06 12:25 - 2014-03-11 09:22 - 00000000 ____D () C:\ProgramData\WPM
2014-08-06 12:01 - 2010-06-08 23:31 - 00001711 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-06 12:00 - 2014-03-11 10:04 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 08:01 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-06 08:00 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 07:54 - 2014-08-06 07:54 - 00000687 _____ () C:\awh81A.tmp
2014-08-06 07:50 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-06 07:26 - 2014-08-06 07:26 - 00000687 _____ () C:\awh4AE4.tmp
2014-08-04 11:22 - 2014-08-04 11:22 - 00000687 _____ () C:\awh2D46.tmp
2014-08-04 07:32 - 2014-08-04 07:32 - 00000687 _____ () C:\awhCDC9.tmp
2014-08-04 07:09 - 2014-08-04 07:09 - 00000687 _____ () C:\awh6C78.tmp
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-08-02 13:26 - 2014-08-02 13:26 - 00000687 _____ () C:\awh4FB5.tmp
2014-08-01 01:41 - 2014-08-13 13:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 13:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 08:44 - 2014-07-31 08:44 - 00000687 _____ () C:\awh5292.tmp
2014-07-30 20:23 - 2014-07-30 20:23 - 00000687 _____ () C:\awhAD4E.tmp
2014-07-30 08:25 - 2014-07-30 08:25 - 00000687 _____ () C:\awh3957.tmp
2014-07-29 09:11 - 2014-07-29 09:11 - 00000687 _____ () C:\awh4587.tmp
2014-07-29 09:07 - 2010-06-08 23:31 - 00003282 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-07-29 08:15 - 2014-07-29 08:15 - 00000000 ____D () C:\Users\Norman\AppData\Local\com
2014-07-29 08:13 - 2014-07-29 08:13 - 00001903 _____ () C:\Users\UpdatusUser\Desktop\NewPlayer.lnk
2014-07-29 08:11 - 2014-07-29 08:11 - 00001021 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-07-29 08:11 - 2014-07-29 08:11 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-07-29 08:11 - 2014-07-29 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-07-29 08:11 - 2014-07-29 08:11 - 00000000 ____D () C:\Program Files (x86)\PepperZip
2014-07-29 08:10 - 2014-07-29 08:10 - 00000687 _____ () C:\awh1812.tmp
2014-07-29 08:10 - 2013-03-19 20:05 - 00000000 _____ () C:\END
2014-07-29 08:09 - 2014-07-29 08:09 - 01505024 _____ () C:\Users\Norman\Downloads\Player Setup.exe
2014-07-28 20:24 - 2014-07-29 08:11 - 04795904 _____ () C:\Windows\score.exe
2014-07-28 07:13 - 2014-07-28 07:13 - 00000687 _____ () C:\awh17F2.tmp
2014-07-27 20:10 - 2014-07-27 20:10 - 00000687 _____ () C:\awh63A2.tmp
2014-07-27 18:56 - 2014-07-27 18:56 - 00000687 _____ () C:\awh5C71.tmp
2014-07-27 11:26 - 2014-07-27 11:26 - 00000687 _____ () C:\awh26C1.tmp
2014-07-26 12:38 - 2014-07-26 12:38 - 00000687 _____ () C:\awh6315.tmp
2014-07-25 17:47 - 2014-07-25 17:47 - 00000687 _____ () C:\awh1525.tmp
2014-07-25 16:52 - 2014-08-13 13:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 13:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 13:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 13:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 13:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 13:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 13:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 13:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 13:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 13:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 13:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 13:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 13:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 13:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 13:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 13:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 13:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 13:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 13:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 13:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 13:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 13:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 13:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 13:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 13:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 13:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 13:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 13:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 13:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 13:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 13:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 13:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 13:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 13:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 13:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 13:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 13:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 13:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 13:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 13:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 13:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 13:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 13:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 13:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 13:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 13:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 13:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 13:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 07:50 - 2014-07-25 07:50 - 00000687 _____ () C:\awh20F7.tmp
2014-07-24 18:49 - 2014-07-24 18:49 - 00000687 _____ () C:\awh7FC9.tmp
2014-07-24 08:47 - 2014-07-24 08:47 - 00000687 _____ () C:\awh3C06.tmp
2014-07-24 08:42 - 2013-03-15 08:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 08:42 - 2010-10-13 17:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 08:29 - 2013-03-16 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 15:25 - 2014-05-30 09:59 - 00000000 ____D () C:\Windows\rescache
2014-07-23 08:18 - 2014-07-23 08:18 - 00000687 _____ () C:\awh15E0.tmp
2014-07-21 19:35 - 2014-07-21 19:35 - 00000687 _____ () C:\awh4A3D.tmp

Some content of TEMP:
====================
C:\Users\Norman\AppData\Local\Temp\BackupSetup.exe
C:\Users\Norman\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\Norman\AppData\Local\Temp\dlLogic.exe
C:\Users\Norman\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Norman\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Norman\AppData\Local\Temp\EAD10A2.exe
C:\Users\Norman\AppData\Local\Temp\EAD116D.exe
C:\Users\Norman\AppData\Local\Temp\EAD138.exe
C:\Users\Norman\AppData\Local\Temp\EAD138F.exe
C:\Users\Norman\AppData\Local\Temp\EAD13AE.exe
C:\Users\Norman\AppData\Local\Temp\EAD1573.exe
C:\Users\Norman\AppData\Local\Temp\EAD162E.exe
C:\Users\Norman\AppData\Local\Temp\EAD17E3.exe
C:\Users\Norman\AppData\Local\Temp\EAD19B7.exe
C:\Users\Norman\AppData\Local\Temp\EAD19F5.exe
C:\Users\Norman\AppData\Local\Temp\EAD1BE8.exe
C:\Users\Norman\AppData\Local\Temp\EAD1C75.exe
C:\Users\Norman\AppData\Local\Temp\EAD1E1A.exe
C:\Users\Norman\AppData\Local\Temp\EAD209A.exe
C:\Users\Norman\AppData\Local\Temp\EAD222F.exe
C:\Users\Norman\AppData\Local\Temp\EAD22BC.exe
C:\Users\Norman\AppData\Local\Temp\EAD2367.exe
C:\Users\Norman\AppData\Local\Temp\EAD2386.exe
C:\Users\Norman\AppData\Local\Temp\EAD2480.exe
C:\Users\Norman\AppData\Local\Temp\EAD2616.exe
C:\Users\Norman\AppData\Local\Temp\EAD2635.exe
C:\Users\Norman\AppData\Local\Temp\EAD26D2.exe
C:\Users\Norman\AppData\Local\Temp\EAD26E0.exe
C:\Users\Norman\AppData\Local\Temp\EAD297F.exe
C:\Users\Norman\AppData\Local\Temp\EAD2A0C.exe
C:\Users\Norman\AppData\Local\Temp\EAD2A69.exe
C:\Users\Norman\AppData\Local\Temp\EAD2CAA.exe
C:\Users\Norman\AppData\Local\Temp\EAD2CCA.exe
C:\Users\Norman\AppData\Local\Temp\EAD2D46.exe
C:\Users\Norman\AppData\Local\Temp\EAD2D85.exe
C:\Users\Norman\AppData\Local\Temp\EAD2E.exe
C:\Users\Norman\AppData\Local\Temp\EAD2ECC.exe
C:\Users\Norman\AppData\Local\Temp\EAD2F59.exe
C:\Users\Norman\AppData\Local\Temp\EAD3429.exe
C:\Users\Norman\AppData\Local\Temp\EAD3439.exe
C:\Users\Norman\AppData\Local\Temp\EAD34F4.exe
C:\Users\Norman\AppData\Local\Temp\EAD366A.exe
C:\Users\Norman\AppData\Local\Temp\EAD38AC.exe
C:\Users\Norman\AppData\Local\Temp\EAD3DE9.exe
C:\Users\Norman\AppData\Local\Temp\EAD3EC4.exe
C:\Users\Norman\AppData\Local\Temp\EAD482.exe
C:\Users\Norman\AppData\Local\Temp\EAD4864.exe
C:\Users\Norman\AppData\Local\Temp\EAD49DB.exe
C:\Users\Norman\AppData\Local\Temp\EAD4B42.exe
C:\Users\Norman\AppData\Local\Temp\EAD4F86.exe
C:\Users\Norman\AppData\Local\Temp\EAD5485.exe
C:\Users\Norman\AppData\Local\Temp\EAD54D.exe
C:\Users\Norman\AppData\Local\Temp\EAD556F.exe
C:\Users\Norman\AppData\Local\Temp\EAD5724.exe
C:\Users\Norman\AppData\Local\Temp\EAD587B.exe
C:\Users\Norman\AppData\Local\Temp\EAD5BA.exe
C:\Users\Norman\AppData\Local\Temp\EAD5C23.exe
C:\Users\Norman\AppData\Local\Temp\EAD63B1.exe
C:\Users\Norman\AppData\Local\Temp\EAD65F2.exe
C:\Users\Norman\AppData\Local\Temp\EAD6F36.exe
C:\Users\Norman\AppData\Local\Temp\EAD73F7.exe
C:\Users\Norman\AppData\Local\Temp\EAD751F.exe
C:\Users\Norman\AppData\Local\Temp\EAD7731.exe
C:\Users\Norman\AppData\Local\Temp\EAD7732.exe
C:\Users\Norman\AppData\Local\Temp\EAD7905.exe
C:\Users\Norman\AppData\Local\Temp\EAD7A3D.exe
C:\Users\Norman\AppData\Local\Temp\EAD7A7C.exe
C:\Users\Norman\AppData\Local\Temp\EAD7B18.exe
C:\Users\Norman\AppData\Local\Temp\EAD7CBD.exe
C:\Users\Norman\AppData\Local\Temp\EAD819D.exe
C:\Users\Norman\AppData\Local\Temp\EAD820A.exe
C:\Users\Norman\AppData\Local\Temp\EAD8333.exe
C:\Users\Norman\AppData\Local\Temp\EAD8583.exe
C:\Users\Norman\AppData\Local\Temp\EAD8C09.exe
C:\Users\Norman\AppData\Local\Temp\EAD8DCD.exe
C:\Users\Norman\AppData\Local\Temp\EAD8EB8.exe
C:\Users\Norman\AppData\Local\Temp\EAD9165.exe
C:\Users\Norman\AppData\Local\Temp\EAD92FB.exe
C:\Users\Norman\AppData\Local\Temp\EAD933.exe
C:\Users\Norman\AppData\Local\Temp\EAD9645.exe
C:\Users\Norman\AppData\Local\Temp\EAD97BF.exe
C:\Users\Norman\AppData\Local\Temp\EAD9B45.exe
C:\Users\Norman\AppData\Local\Temp\EAD9C0.exe
C:\Users\Norman\AppData\Local\Temp\EAD9CBB.exe
C:\Users\Norman\AppData\Local\Temp\EAD9DF3.exe
C:\Users\Norman\AppData\Local\Temp\EADA053.exe
C:\Users\Norman\AppData\Local\Temp\EADAB.exe
C:\Users\Norman\AppData\Local\Temp\EADAF8F.exe
C:\Users\Norman\AppData\Local\Temp\EADB173.exe
C:\Users\Norman\AppData\Local\Temp\EADB6D0.exe
C:\Users\Norman\AppData\Local\Temp\EADB73D.exe
C:\Users\Norman\AppData\Local\Temp\EADB74D.exe
C:\Users\Norman\AppData\Local\Temp\EADB77C.exe
C:\Users\Norman\AppData\Local\Temp\EADB866.exe
C:\Users\Norman\AppData\Local\Temp\EADBCE.exe
C:\Users\Norman\AppData\Local\Temp\EADBD36.exe
C:\Users\Norman\AppData\Local\Temp\EADC225.exe
C:\Users\Norman\AppData\Local\Temp\EADC2A2.exe
C:\Users\Norman\AppData\Local\Temp\EADC7E.exe
C:\Users\Norman\AppData\Local\Temp\EADCB0E.exe
C:\Users\Norman\AppData\Local\Temp\EADCD3D.exe
C:\Users\Norman\AppData\Local\Temp\EADCD7B.exe
C:\Users\Norman\AppData\Local\Temp\EADCE84.exe
C:\Users\Norman\AppData\Local\Temp\EADD68.exe
C:\Users\Norman\AppData\Local\Temp\EADD7B8.exe
C:\Users\Norman\AppData\Local\Temp\EADD858.exe
C:\Users\Norman\AppData\Local\Temp\EADDA.exe
C:\Users\Norman\AppData\Local\Temp\EADDA95.exe
C:\Users\Norman\AppData\Local\Temp\EADDF37.exe
C:\Users\Norman\AppData\Local\Temp\EADDF46.exe
C:\Users\Norman\AppData\Local\Temp\EADE04.exe
C:\Users\Norman\AppData\Local\Temp\EADE0FB.exe
C:\Users\Norman\AppData\Local\Temp\EADE407.exe
C:\Users\Norman\AppData\Local\Temp\EADE780.exe
C:\Users\Norman\AppData\Local\Temp\EADE906.exe
C:\Users\Norman\AppData\Local\Temp\EADEACE.exe
C:\Users\Norman\AppData\Local\Temp\EADEBA5.exe
C:\Users\Norman\AppData\Local\Temp\EADEBF.exe
C:\Users\Norman\AppData\Local\Temp\EADECBE.exe
C:\Users\Norman\AppData\Local\Temp\EADEFE9.exe
C:\Users\Norman\AppData\Local\Temp\EADF.exe
C:\Users\Norman\AppData\Local\Temp\EADF018.exe
C:\Users\Norman\AppData\Local\Temp\EADF0F2.exe
C:\Users\Norman\AppData\Local\Temp\EADF259.exe
C:\Users\Norman\AppData\Local\Temp\EADF391.exe
C:\Users\Norman\AppData\Local\Temp\EADF392.exe
C:\Users\Norman\AppData\Local\Temp\EADF556.exe
C:\Users\Norman\AppData\Local\Temp\EADF5C3.exe
C:\Users\Norman\AppData\Local\Temp\EADF630.exe
C:\Users\Norman\AppData\Local\Temp\EADF8CF.exe
C:\Users\Norman\AppData\Local\Temp\EADF90D.exe
C:\Users\Norman\AppData\Local\Temp\EADFD70.exe
C:\Users\Norman\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Norman\AppData\Local\Temp\installhelper.dll
C:\Users\Norman\AppData\Local\Temp\LollipopInstaller_notifications.exe
C:\Users\Norman\AppData\Local\Temp\optprosetup.exe
C:\Users\Norman\AppData\Local\Temp\speedupmypc.exe
C:\Users\Norman\AppData\Local\Temp\SpOrder.dll
C:\Users\Norman\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Norman\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Norman\AppData\Local\Temp\System.Data.SQLite13451.dll
C:\Users\Norman\AppData\Local\Temp\System.Data.SQLite17317.dll
C:\Users\Norman\AppData\Local\Temp\System.Data.SQLite82239.dll
C:\Users\Norman\AppData\Local\Temp\System.Data.SQLite94484.dll
C:\Users\Norman\AppData\Local\Temp\tbuC541.exe
C:\Users\Norman\AppData\Local\Temp\tbuDE7C.exe
C:\Users\Norman\AppData\Local\Temp\tmp2899.dll
C:\Users\Norman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Norman\AppData\Local\Temp\_is7954.exe
C:\Users\Norman\AppData\Local\Temp\{AA71B31A-48D7-4AD8-A02E-647EDCF2D0B2}-29.0.1547.66_29.0.1547.62_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 15:18

==================== End Of Log ============================
--- --- ---


Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-20 10:50:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Norman\AppData\Local\Temp\ugldrpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                    fffff800037b2000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                    fffff800037b202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\services.exe[616] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                              0000000077a90880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                              0000000077a90880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                              0000000077a90880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Windows\system32\svchost.exe[1752] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                              0000000077a90880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Program Files\Bonjour\mDNSResponder.exe[1992] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                  0000000077a90880 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000762d1465 2 bytes [2D, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000762d14bb 2 bytes [2D, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Windows\AsScrPro.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  00000000762d1465 2 bytes [2D, 76]
.text    C:\Windows\AsScrPro.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000762d14bb 2 bytes [2D, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Windows\System32\svchost.exe[2476] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes                                              0000000077a90880 14 bytes {JMP QWORD [RIP+0x0]}

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\services.exe [616:3004]                                                                                                            000000000110f430
Thread    C:\Windows\system32\services.exe [616:3008]                                                                                                            000000000110f430
Thread    C:\Windows\system32\services.exe [616:3012]                                                                                                            000000000110f430
Thread    C:\Windows\system32\services.exe [616:3016]                                                                                                            000000000110f430
Thread    C:\Windows\system32\services.exe [616:3024]                                                                                                            000000000112dc30
Thread    C:\Windows\system32\services.exe [616:2852]                                                                                                            000000000112dc30
Thread    C:\Windows\system32\svchost.exe [840:880]                                                                                                              000000000052f430
Thread    C:\Windows\system32\svchost.exe [840:884]                                                                                                              000000000052f430
Thread    C:\Windows\system32\svchost.exe [840:888]                                                                                                              000000000052f430
Thread    C:\Windows\system32\svchost.exe [840:892]                                                                                                              000000000052f430
Thread    C:\Windows\system32\svchost.exe [840:900]                                                                                                              000000000054dc30
Thread    C:\Windows\system32\svchost.exe [856:1660]                                                                                                            0000000000bdf430
Thread    C:\Windows\system32\svchost.exe [856:1664]                                                                                                            0000000000bdf430
Thread    C:\Windows\system32\svchost.exe [856:1668]                                                                                                            0000000000bdf430
Thread    C:\Windows\system32\svchost.exe [856:1672]                                                                                                            0000000000bdf430
Thread    C:\Windows\system32\svchost.exe [856:1680]                                                                                                            0000000000bfdc30
Thread    C:\Windows\system32\svchost.exe [856:1728]                                                                                                            0000000000bfdc30
Thread    C:\Windows\system32\svchost.exe [1232:5992]                                                                                                            0000000015b43134
Thread    C:\Windows\system32\svchost.exe [1232:6000]                                                                                                            0000000015b42ff8
Thread    C:\Windows\System32\spoolsv.exe [1704:2920]                                                                                                            000000000245f430
Thread    C:\Windows\System32\spoolsv.exe [1704:2924]                                                                                                            000000000245f430
Thread    C:\Windows\System32\spoolsv.exe [1704:2928]                                                                                                            000000000245f430
Thread    C:\Windows\System32\spoolsv.exe [1704:2932]                                                                                                            000000000245f430
Thread    C:\Windows\system32\svchost.exe [1752:2440]                                                                                                            00000000010ff430
Thread    C:\Windows\system32\svchost.exe [1752:2444]                                                                                                            00000000010ff430
Thread    C:\Windows\system32\svchost.exe [1752:2448]                                                                                                            00000000010ff430
Thread    C:\Windows\system32\svchost.exe [1752:2452]                                                                                                            00000000010ff430
Thread    C:\Windows\system32\svchost.exe [1752:2460]                                                                                                            000000000111dc30
Thread    C:\Windows\Explorer.EXE [3176:5952]                                                                                                                    000000000650f430
Thread    C:\Windows\Explorer.EXE [3176:5956]                                                                                                                    000000000650f430
Thread    C:\Windows\Explorer.EXE [3176:5960]                                                                                                                    000000000650f430
Thread    C:\Windows\Explorer.EXE [3176:5964]                                                                                                                    000000000650f430
Thread    C:\Windows\Explorer.EXE [3176:5972]                                                                                                                    000000000652dc30
Thread    C:\Windows\Explorer.EXE [3176:5984]                                                                                                                    000000000652dc30
Thread    C:\Windows\System32\svchost.exe [2476:1476]                                                                                                            00000000001df430
Thread    C:\Windows\System32\svchost.exe [2476:5124]                                                                                                            00000000001df430
Thread    C:\Windows\System32\svchost.exe [2476:5128]                                                                                                            00000000001df430
Thread    C:\Windows\System32\svchost.exe [2476:5132]                                                                                                            00000000001df430
Thread    C:\Windows\System32\svchost.exe [2476:5140]                                                                                                            00000000001fdc30
Thread    C:\Windows\System32\svchost.exe [2476:5164]                                                                                                            00000000001fdc30
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5292:5552]                                                                                        000000000169f430
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5292:5556]                                                                                        000000000169f430
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5292:5560]                                                                                        000000000169f430
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5292:5564]                                                                                        000000000169f430
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5292:5572]                                                                                        00000000016bdc30
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5292:5604]                                                                                        00000000016bdc30
---- Processes - GMER 2.1 ----

Library  C:\PROGRA~3\WinSpeed\WINSPE~1.DLL (*** suspicious ***) @ C:\Windows\system32\rundll32.exe [2020](2014-08-20 05:57:55)                                  000007fef8a20000
Library  c:\progra~3\winspeed\winspeed.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [1196](2014-08-20 05:57:54)                                  0000000072fd0000
Library  c:\progra~3\winspeed\WinSpeedSvc.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [1196](2014-08-20 05:57:55)                              0000000072f50000
Library  Ì÷wà]H (*** suspicious ***) @ C:\Windows\Explorer.EXE [3176]                                                                                          000007fee6d40000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                    0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                0xBD 0x56 0x04 0xC1 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                        0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                        0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                    0xBD 0x56 0x04 0xC1 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                        C:\Program Files (x86)\DAEMON Tools Lite\

---- EOF - GMER 2.1 ----

schrauber 21.08.2014 07:56
Adware & Co. deinstallieren




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

RNob 21.08.2014 10:30
Hallo Schrauber,

Schritt 1 habe ich durchgeführt. Allerdings kann ich combofix nicht herunterladen. Woran könnte dies liegen. (Nutze einen anderen Computer zum Download)

mfG

So, jetzt alles erledigt. Keine besonderen Vorkommnisse. Anbei poste ich das Log- File.

Code:
ComboFix 14-08-19.01 - Norman 21.08.2014  10:30:20.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3885.1989 [GMT 2:00]
ausgeführt von:: c:\users\Norman\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
C:\prefs.js
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\MediaBuzzV1
c:\program files (x86)\MediaWatchV1
c:\programdata\374311380
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ekdgbodaoampohmhmecigaomnjppbplb_0
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ekdgbodaoampohmhmecigaomnjppbplb_0\70
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\background.html
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\chromeCoreFilesIndex.txt
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\crossriderManifest.json
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\manifest.xml
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins.json
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\1.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\102.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\104.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\13.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\14.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\155.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\17.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\177.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\182.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\183.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\184.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\19.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\191.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\193.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\195.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\207.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\21.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\211.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\22.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\220.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\221.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\242.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\244.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\246.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\262.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\263.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\267.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\28.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\4.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\47.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\64.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\7.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\72.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\78.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\80.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\9.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\91.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\93.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\97.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\userCode\background.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\userCode\extension.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\icons\actions\1.png
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\icons\icon128.png
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\icons\icon16.png
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\icons\icon48.png
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\api\chrome.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\api\cookie.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\api\message.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\api\monitor.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\api\pageAction.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\api\pageActionBG.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\background.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\app_api.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\bg_app_api.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\consts.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\cookie_store.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\crossriderAPI.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\delegate.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\events.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\extensionDataStore.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\installer.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\logFile.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\logging.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\onBGDocumentLoad.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\popupResource\newPopup.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\popupResource\popup.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\reports.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\storageWrapper.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\updateManager.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\util.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\lib\xhr.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\main.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\js\platformVersion.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\manifest.json
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\popup.html
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\183\background.html
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\183\ckIF.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\183\content.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\183\lsdb.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\183\manifest.json
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn\189\ApbPXl.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn\189\background.html
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn\189\content.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn\189\lsdb.js
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioomoieildjihcajfoobhhiecjkmfn\189\manifest.json
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\000260.ldb
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\000274.ldb
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\000289.ldb
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\000290.log
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\CURRENT
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\LOCK
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\LOG
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\LOG.old
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ekdgbodaoampohmhmecigaomnjppbplb\MANIFEST-000288
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekdgbodaoampohmhmecigaomnjppbplb_0.localstorage-journal
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekdgbodaoampohmhmecigaomnjppbplb_0.localstorage
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_omioomoieildjihcajfoobhhiecjkmfn_0.localstorage-journal
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_omioomoieildjihcajfoobhhiecjkmfn_0.localstorage
c:\users\Norman\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Norman\AppData\Local\Temp\__tmp_0604b699
c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\extensions\vamchw@ovy.co.uk
c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\extensions\vamchw@ovy.co.uk\bootstrap.js
c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\extensions\vamchw@ovy.co.uk\chrome.manifest
c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\extensions\vamchw@ovy.co.uk\content\bg.js
c:\users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\extensions\vamchw@ovy.co.uk\install.rdf
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\PFRO.log
.
Infizierte Kopie von c:\windows\SysWow64\kernel32.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll wurde wiederhergestellt
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_globalUpdate
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-07-21 bis 2014-08-21  ))))))))))))))))))))))))))))))
.
.
2014-08-21 08:12 . 2014-08-18 04:14        11319200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B15F75D-E5C3-457A-A11C-DCEA76F85816}\mpengine.dll
2014-08-21 07:23 . 2014-08-21 07:23        --------        d-----w-        c:\program files (x86)\CooiLSalEECoUpon
2014-08-21 07:10 . 2014-08-21 07:10        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-08-20 08:27 . 2014-08-20 08:31        --------        d-----w-        C:\FRST
2014-08-18 10:20 . 2014-08-21 07:23        --------        d-----w-        c:\programdata\8e27c8f07b9e9861
2014-08-13 12:02 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-08-13 12:02 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-08-13 12:02 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-08-13 12:02 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-08-13 12:02 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-08-13 12:02 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-08-13 12:01 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 12:01 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-08-13 11:14 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDTAT.DLL
2014-08-13 11:14 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDRU1.DLL
2014-08-13 11:14 . 2014-07-09 02:03        6656        ----a-w-        c:\windows\system32\KBDRU.DLL
2014-08-13 11:14 . 2014-07-09 01:31        7168        ----a-w-        c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 11:14 . 2014-07-09 01:31        6656        ----a-w-        c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 11:14 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-08-13 11:14 . 2014-07-09 02:03        7168        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-08-13 11:14 . 2014-07-16 03:23        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-08-13 11:14 . 2014-07-16 02:46        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-08-13 11:13 . 2014-06-03 10:02        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-08-13 11:13 . 2014-06-03 09:29        2363392        ----a-w-        c:\windows\SysWow64\msi.dll
2014-08-13 11:13 . 2014-06-03 10:02        112064        ----a-w-        c:\windows\system32\consent.exe
2014-08-13 11:13 . 2014-06-03 10:02        1941504        ----a-w-        c:\windows\system32\authui.dll
2014-08-13 11:13 . 2014-06-03 09:29        1805824        ----a-w-        c:\windows\SysWow64\authui.dll
2014-08-13 11:13 . 2014-06-03 10:02        504320        ----a-w-        c:\windows\system32\msihnd.dll
2014-08-13 11:13 . 2014-06-03 09:29        337408        ----a-w-        c:\windows\SysWow64\msihnd.dll
2014-08-13 11:12 . 2014-06-16 02:10        985536        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 11:12 . 2014-07-16 02:12        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-08-13 11:12 . 2014-07-16 03:25        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-13 11:12 . 2014-07-16 02:46        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-13 11:12 . 2014-06-25 02:05        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-08-13 11:05 . 2014-05-08 09:32        3178496        ----a-w-        c:\windows\system32\rdpcorets.dll
2014-08-13 11:05 . 2014-05-08 09:32        16384        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll
2014-08-13 11:05 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-08-13 11:05 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-08-13 11:05 . 2014-01-09 02:22        5694464        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-08-13 11:05 . 2014-01-03 22:44        6574592        ----a-w-        c:\windows\system32\mstscax.dll
2014-08-13 11:04 . 2014-08-07 02:06        529920        ----a-w-        c:\windows\system32\aepdu.dll
2014-08-13 11:04 . 2014-08-07 02:01        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-08-06 06:02 . 2014-08-20 07:08        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-06 06:02 . 2014-08-13 10:46        --------        d-----w-        c:\programdata\Malwarebytes
2014-08-06 06:02 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-08-06 05:54 . 2014-08-06 05:54        687        ----a-w-        C:\awh81A.tmp
2014-08-06 05:42 . 2012-08-23 14:10        19456        ----a-w-        c:\windows\system32\drivers\rdpvideominiport.sys
2014-08-06 05:42 . 2012-08-23 11:12        192000        ----a-w-        c:\windows\SysWow64\rdpendp_winip.dll
2014-08-06 05:42 . 2012-08-23 14:13        243200        ----a-w-        c:\windows\system32\rdpudd.dll
2014-08-06 05:42 . 2012-08-23 10:51        228864        ----a-w-        c:\windows\system32\rdpendp_winip.dll
2014-08-06 05:41 . 2013-09-25 02:23        1030144        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-08-06 05:41 . 2013-09-25 01:57        792576        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-08-06 05:40 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2014-08-06 05:40 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-08-06 05:26 . 2014-08-06 05:26        687        ----a-w-        C:\awh4AE4.tmp
2014-08-04 09:22 . 2014-08-04 09:22        687        ----a-w-        C:\awh2D46.tmp
2014-08-04 05:32 . 2014-08-04 05:32        687        ----a-w-        C:\awhCDC9.tmp
2014-08-04 05:09 . 2014-08-04 05:09        687        ----a-w-        C:\awh6C78.tmp
2014-08-02 11:26 . 2014-08-02 11:26        687        ----a-w-        C:\awh4FB5.tmp
2014-07-31 06:44 . 2014-07-31 06:44        687        ----a-w-        C:\awh5292.tmp
2014-07-30 18:23 . 2014-07-30 18:23        687        ----a-w-        C:\awhAD4E.tmp
2014-07-30 06:25 . 2014-07-30 06:25        687        ----a-w-        C:\awh3957.tmp
2014-07-29 07:11 . 2014-07-29 07:11        687        ----a-w-        C:\awh4587.tmp
2014-07-29 06:15 . 2014-07-29 06:15        --------        d-----w-        c:\users\Norman\AppData\Local\com
2014-07-29 06:12 . 2014-08-20 07:08        --------        d-----w-        c:\program files (x86)\Optimizer Pro
2014-07-29 06:11 . 2014-07-29 06:11        --------        d-----w-        c:\program files (x86)\PepperZip
2014-07-29 06:11 . 2014-07-28 18:24        4795904        ----a-w-        c:\windows\score.exe
2014-07-29 06:11 . 2014-08-06 10:25        --------        d-----w-        c:\users\Norman\AppData\Roaming\VOPackage
2014-07-29 06:10 . 2014-07-29 06:10        687        ----a-w-        C:\awh1812.tmp
2014-07-28 05:13 . 2014-07-28 05:13        687        ----a-w-        C:\awh17F2.tmp
2014-07-27 18:10 . 2014-07-27 18:10        687        ----a-w-        C:\awh63A2.tmp
2014-07-27 16:56 . 2014-07-27 16:56        687        ----a-w-        C:\awh5C71.tmp
2014-07-27 09:26 . 2014-07-27 09:26        687        ----a-w-        C:\awh26C1.tmp
2014-07-26 10:38 . 2014-07-26 10:38        687        ----a-w-        C:\awh6315.tmp
2014-07-25 15:47 . 2014-07-25 15:47        687        ----a-w-        C:\awh1525.tmp
2014-07-25 05:50 . 2014-07-25 05:50        687        ----a-w-        C:\awh20F7.tmp
2014-07-24 16:49 . 2014-07-24 16:49        687        ----a-w-        C:\awh7FC9.tmp
2014-07-24 06:47 . 2014-07-24 06:47        687        ----a-w-        C:\awh3C06.tmp
2014-07-23 06:18 . 2014-07-23 06:18        687        ----a-w-        C:\awh15E0.tmp
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-21 09:21 . 2011-07-03 17:09        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2014-08-13 12:09 . 2010-10-13 15:55        99218768        ----a-w-        c:\windows\system32\MRT.exe
2014-08-05 07:20 . 2010-12-20 11:35        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-07-21 17:35 . 2014-07-21 17:35        687        ----a-w-        C:\awh4A3D.tmp
2014-07-19 15:44 . 2014-07-19 15:44        687        ----a-w-        C:\awh3716.tmp
2014-07-18 15:11 . 2014-07-18 15:11        687        ----a-w-        C:\awh750.tmp
2014-07-18 14:37 . 2014-07-18 14:37        687        ----a-w-        C:\awh580E.tmp
2014-07-18 14:28 . 2014-07-18 14:28        687        ----a-w-        C:\awh40C7.tmp
2014-07-18 06:06 . 2014-07-18 06:06        687        ----a-w-        C:\awh1AEF.tmp
2014-07-17 06:59 . 2014-07-17 06:59        687        ----a-w-        C:\awh422D.tmp
2014-07-17 04:17 . 2014-07-17 04:17        687        ----a-w-        C:\awh4327.tmp
2014-07-16 14:43 . 2012-05-30 06:30        20280        ----a-w-        c:\windows\system32\roboot64.exe
2014-07-15 10:26 . 2014-07-15 10:26        687        ----a-w-        C:\awh8729.tmp
2014-07-15 05:27 . 2014-07-15 05:27        687        ----a-w-        C:\awhE7BB.tmp
2014-07-11 15:31 . 2014-07-11 15:31        687        ----a-w-        C:\awhBA2A.tmp
2014-07-11 06:50 . 2014-07-11 06:50        687        ----a-w-        C:\awh79EF.tmp
2014-07-11 05:29 . 2014-07-11 05:29        687        ----a-w-        C:\awhE2B0.tmp
2014-07-10 20:06 . 2014-07-10 20:06        687        ----a-w-        C:\awh6585.tmp
2014-07-10 09:46 . 2014-07-10 09:46        687        ----a-w-        C:\awh1C36.tmp
2014-07-09 12:03 . 2014-07-09 12:03        687        ----a-w-        C:\awhBA49.tmp
2014-07-09 09:46 . 2012-11-17 11:41        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 09:46 . 2012-11-17 11:41        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:46 . 2014-05-14 07:47        11204096        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-08 05:34 . 2014-07-08 05:34        687        ----a-w-        C:\awh53D9.tmp
2014-07-07 05:03 . 2014-07-07 05:03        687        ----a-w-        C:\awh474C.tmp
2014-07-06 09:34 . 2014-07-06 09:34        687        ----a-w-        C:\awh9DC4.tmp
2014-07-03 18:57 . 2014-07-03 18:57        687        ----a-w-        C:\awh4F67.tmp
2014-07-03 07:21 . 2014-07-03 07:21        687        ----a-w-        C:\awhCAAE.tmp
2014-06-30 18:35 . 2014-06-30 18:35        687        ----a-w-        C:\awhA0FF.tmp
2014-06-29 12:21 . 2014-06-29 12:21        687        ----a-w-        C:\awhDF56.tmp
2014-06-28 07:16 . 2014-06-28 07:16        687        ----a-w-        C:\awhC681.tmp
2014-06-25 20:34 . 2014-06-25 20:34        0        ----a-w-        c:\windows\SysWow64\shoF32B.tmp
2014-06-25 14:36 . 2014-06-25 14:36        687        ----a-w-        C:\awh843C.tmp
2014-06-25 05:27 . 2014-06-25 05:27        687        ----a-w-        C:\awh53F9.tmp
2014-06-24 20:32 . 2014-06-24 20:32        687        ----a-w-        C:\awh6891.tmp
2014-06-22 09:11 . 2014-06-22 09:11        687        ----a-w-        C:\awh58E8.tmp
2014-06-21 08:12 . 2014-06-21 08:12        687        ----a-w-        C:\awhF48B.tmp
2014-06-20 12:29 . 2014-06-20 12:29        687        ----a-w-        C:\awh8D6F.tmp
2014-06-18 09:44 . 2014-06-19 12:55        608179        ----a-w-        c:\users\Norman\AppData\Local\AnyProtectScannerSetup.exe
2014-06-18 02:18 . 2014-07-09 13:17        692736        ----a-w-        c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 13:17        646144        ----a-w-        c:\windows\SysWow64\osk.exe
2014-06-16 14:59 . 2014-06-16 14:59        108544        ----a-w-        c:\windows\SysWow64\hfnapi.dll
2014-06-16 14:59 . 2014-06-16 14:59        246784        ----a-w-        c:\windows\SysWow64\hfpapi.dll
2014-06-06 10:10 . 2014-07-09 13:17        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 13:17        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 13:16        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 13:16        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 13:16        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 13:17        210944        ----a-w-        c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 13:17        86528        ----a-w-        c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 13:17        340992        ----a-w-        c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 13:17        314880        ----a-w-        c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 13:17        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 13:17        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 13:17        22016        ----a-w-        c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 13:17        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 13:17        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 13:17        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 13:17        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 13:17        259584        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 13:17        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 13:17        17408        ----a-w-        c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 13:17        497152        ----a-w-        c:\windows\system32\drivers\afd.sys
2014-05-28 07:03 . 2014-05-28 07:03        0        ----a-w-        c:\windows\SysWow64\shoB2FA.tmp
2009-04-08 17:31 . 2009-04-08 17:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54        175912        ----a-w-        c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_29B69EEE740A47DF7549CA7579BEBBEF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-6-8 12862]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe;c:\windows\SYSNATIVE\PuranDefragS.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 scores;scores;c:\windows\score.exe;c:\windows\score.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 11:36        1104200        ----a-w-        c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 09:46]
.
2014-06-18 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31 17:38]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-08 21:07]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-08 21:07]
.
2014-08-21 c:\windows\Tasks\MT66 Software Update.job
- c:\program files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2012-12-08 17:44]
.
2014-04-02 c:\windows\Tasks\User_Feed_Synchronization-{F29BB976-EE78-451D-926D-D0607B097FA2}.job
- c:\windows\system32\msfeedssync.exe [2013-12-04 08:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:newtab
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = www.google.com
mStart Page = about:newtab
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = www.google.com
uSearchURL,(Default) = www.google.com/
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\Norman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-420645628-1813877703-113317616-1001\Software\SecuROM\License information*]
"datasecu"=hex:ad,83,d5,3f,8a,72,7d,7b,60,89,b5,c0,a8,df,05,70,ae,3a,e5,16,c9,
  b0,0b,82,14,95,d0,a0,ee,cb,78,4d,19,34,84,71,65,30,21,1d,56,ee,6d,a6,69,04,\
"rkeysecu"=hex:51,83,8d,fb,bf,3d,92,99,22,9a,2a,04,84,cc,cf,a3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-21  11:24:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-21 09:24
.
Vor Suchlauf: 3.615.866.880 Bytes frei
Nach Suchlauf: 9.619.111.936 Bytes frei
.
- - End Of File - - FB1D0E53C0FEB0A3B65EFAD1D429ED15

schrauber 21.08.2014 20:26
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

RNob 22.08.2014 08:44
Hallo Schrauber,

ich habe alle Arbeiten durchgeführt. Hier die Ergebnisse:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.08.2014
Suchlauf-Zeit: 09:01:15
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.22.03
Rootkit Datenbank: v2014.08.21.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Norman

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 376933
Verstrichene Zeit: 11 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v3.308 - Bericht erstellt am 22/08/2014 um 09:20:59
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Norman - ROBERT
# Gestartet von : C:\Users\Norman\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Norman\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Norman\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Norman\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Norman\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Norman\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Norman\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Norman\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Norman\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Norman\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\awesomehp
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\SimplyTech
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\ValueApps
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Ordner Gelöscht : C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Users\Norman\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Norman\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Ordner Gelöscht : C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gelöscht : C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
Datei Gelöscht : C:\Windows\SysWOW64\hfpapi.dll
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.ini
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssistOff.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\SecureAssist.ini
Datei Gelöscht : C:\Windows\System32\SecureAssist64.dll
Datei Gelöscht : C:\Windows\System32\SecureAssistOff.ini
Datei Gelöscht : C:\Users\Norman\daemonprocess.txt
Datei Gelöscht : C:\Users\Norman\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\Users\Norman\AppData\Roaming\aps.scan.quick.results
Datei Gelöscht : C:\Users\Norman\AppData\Roaming\aps.scan.results
Datei Gelöscht : C:\Users\Norman\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Datei Gelöscht : C:\Users\UpdatusUser\Desktop\NewPlayer.lnk

***** [ Tasks ] *****

Task Gelöscht : ASP
Task Gelöscht : BrowserProtect
Task Gelöscht : EPUpdater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{550bb1da-ebf2-411a-bf29-902df8b1066c}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKCU\Software\5955888bbc35e913
Schlüssel Gelöscht : HKLM\SOFTWARE\5955888bbc35e913
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B6E533F-F78F-4525-B316-312BAF1295D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2152D9E-15DD-4D98-B3F1-B7388A15A3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E6772887-C1E1-405E-94BB-D8760A1CF8DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2152D9E-15DD-4D98-B3F1-B7388A15A3F9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2152D9E-15DD-4D98-B3F1-B7388A15A3F9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2152D9E-15DD-4D98-B3F1-B7388A15A3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5FBBA35-5A9E-483C-AA21-C2AA90F2BB8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D52747D4-62E5-488D-8926-929B96600725}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\PepperZip
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\IePlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaWatchV1
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%22[...]
Zeile gelöscht : user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.awesomehp.com/web/?type=ds&ts=1394522550&from=adks&uid=ST9500325AS_6VE7HBS1XXXX6VE7HBS1&q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.7&ts=1.000008&tguid=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403128800000.000008&tguid=82443-24086-1403180553023-A2CB6C8DBEA53F83093D8CA04D4D2B61&q={searchTerms}
Gelöscht [Extension] : kpionmjnkbpcdpcflammlgllecmejgjj
Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

*************************

AdwCleaner[R0].txt - [45359 octets] - [22/08/2014 09:17:53]
AdwCleaner[S0].txt - [42355 octets] - [22/08/2014 09:20:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42416 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Norman on 22.08.2014 at  9:27:01,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-420645628-1813877703-113317616-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211821134}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211821134}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoB2FA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDFD.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF32B.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Norman\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Norman\AppData\Roaming\thinstall"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.08.2014 at  9:32:50,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Norman (administrator) on ROBERT on 22-08-2014 09:35:42
Running from C:\Users\Norman\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\score.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\mbot_de_34\mbot_de_34.exe
() C:\Users\Norman\AppData\Local\mbot_de_34\upmbot_de_34.exe
() C:\Users\Norman\AppData\Roaming\InetStat\inetstat.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mbot_de_34] => C:\Program Files (x86)\mbot_de_34\mbot_de_34.exe [3979208 2014-08-21] ()
HKLM-x32\...\RunOnce: [upmbot_de_34.exe] => C:\Users\Norman\AppData\Local\mbot_de_34\upmbot_de_34.exe [3336696 2014-08-21] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\Run: [GoogleChromeAutoLaunch_29B69EEE740A47DF7549CA7579BEBBEF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\Run: [InetStat] => C:\Users\Norman\AppData\Roaming\InetStat\inetstat.exe [706544 2014-08-22] ()
AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [95848 2010-03-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Extension: Widget context - C:\Users\Norman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-05]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon

Chrome:
=======
CHR HomePage: hxxp://start.androidnewtab.com/?1=1__PARAM__
CHR DefaultSearchKeyword: Web Search
CHR DefaultSearchURL: hxxp://search.androidnewtab.com/?1=1__PARAM__&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-05]
CHR Extension: (Google Drive) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (YouTube) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Web Search) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\canneacfbhohinchadcbleedjidnpejc [2014-08-04]
CHR Extension: (Super Tab Homepage) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cchedanbhebbgjmnhcpmpcniijnfbdha [2014-08-04]
CHR Extension: (Google Search) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (Web Search) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf [2014-06-19]
CHR Extension: (No Name) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2013-06-05]
CHR Extension: (Super Tab) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdbehjiieocihhncnaggngbccgdcpo [2014-08-04]
CHR Extension: (No Name) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-05]
CHR Extension: (Google Wallet) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (No Name) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-03-05]
CHR Extension: (Gmail) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [bciilgdpfoijonnahfpinfnhpckkokna] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home9526\ch\MediaWatchV1home9526.crx [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [ejdbaenpnnpklfljeihebmljibepmimo] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7295\ch\MediaBuzzV1mode7295.crx [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [ldjojcbkmecbbllcopnbbkanahggohkj] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha6977\ch\TrustMediaViewerV1alpha6977.crx [2013-06-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2012-08-13] (Puran Software) [File not signed]
R2 scores; C:\Windows\score.exe [4795904 2014-07-28] () [File not signed]
S3 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2012-01-17] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-30] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
U3 tmlwf;
U3 tmwfp;
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 09:35 - 2014-08-22 09:35 - 00018717 _____ () C:\Users\Norman\Desktop\FRST.txt
2014-08-22 09:32 - 2014-08-22 09:32 - 00003398 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-08-22 09:32 - 2014-08-22 09:32 - 00001540 _____ () C:\Users\Norman\Desktop\JRT.txt
2014-08-22 09:32 - 2014-08-22 09:32 - 00000362 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Public\F12FF6D4209A4538A4D404E99346737D
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Public\E65A5EE0490A42C5824668D5555831B4
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Local\mbot_de_34
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Local\29436
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Program Files (x86)\mbot_de_34
2014-08-22 09:26 - 2014-08-22 09:26 - 00042941 _____ () C:\Users\Norman\Desktop\AdwCleaner[S0].txt
2014-08-22 09:26 - 2014-08-22 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 09:22 - 2014-08-22 09:22 - 00000310 _____ () C:\Windows\PFRO.log
2014-08-22 09:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-22 09:17 - 2014-08-22 09:21 - 00000000 ____D () C:\AdwCleaner
2014-08-22 09:17 - 2014-08-22 09:17 - 00001153 _____ () C:\Users\Norman\Desktop\mbam.txt
2014-08-22 09:00 - 2014-08-22 09:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 09:00 - 2014-08-22 09:00 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 09:00 - 2014-08-22 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 09:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-22 08:54 - 2014-08-22 08:54 - 01016261 _____ (Thisisu) C:\Users\Norman\Desktop\JRT.exe
2014-08-22 08:52 - 2014-08-22 08:53 - 01364531 _____ () C:\Users\Norman\Desktop\adwcleaner_3.308.exe
2014-08-22 08:50 - 2014-08-22 08:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\Users\Norman\Desktop\Combofix.txt
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\ComboFix.txt
2014-08-21 10:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-21 10:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-21 10:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-21 10:28 - 2014-08-21 11:24 - 00000000 ____D () C:\Qoobox
2014-08-21 10:28 - 2014-08-21 11:22 - 00000000 ____D () C:\Windows\erdnt
2014-08-21 10:27 - 2014-08-21 10:22 - 05572251 ____R (Swearware) C:\Users\Norman\Desktop\ComboFix.exe
2014-08-21 09:23 - 2014-08-21 09:23 - 00000000 ____D () C:\Program Files (x86)\CooiLSalEECoUpon
2014-08-21 09:10 - 2014-08-21 09:10 - 00001266 _____ () C:\Users\Norman\Desktop\Revo Uninstaller.lnk
2014-08-21 09:10 - 2014-08-21 09:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-21 09:03 - 2014-08-21 09:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Norman\Desktop\revosetup95.exe
2014-08-20 12:03 - 2014-08-20 12:03 - 00500552 _____ () C:\Windows\Minidump\082014-323405-01.dmp
2014-08-20 10:50 - 2014-08-20 10:50 - 00014075 _____ () C:\Users\Norman\Desktop\Gmer.log
2014-08-20 10:31 - 2014-08-20 10:31 - 00044706 _____ () C:\Users\Norman\Desktop\Addition.txt
2014-08-20 10:27 - 2014-08-22 09:35 - 00000000 ____D () C:\FRST
2014-08-20 10:21 - 2014-08-20 10:21 - 00000584 _____ () C:\Users\Norman\Desktop\defogger_disable.log
2014-08-20 10:21 - 2014-08-20 10:21 - 00000020 _____ () C:\Users\Norman\defogger_reenable
2014-08-20 10:19 - 2014-08-20 10:19 - 00380416 _____ () C:\Users\Norman\Desktop\Gmer-19357.exe
2014-08-20 10:18 - 2014-08-20 10:18 - 02101760 _____ (Farbar) C:\Users\Norman\Desktop\FRST64.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 00050477 _____ () C:\Users\Norman\Desktop\Defogger.exe
2014-08-20 10:02 - 2014-08-20 10:02 - 00096430 _____ () C:\Users\Norman\Desktop\Extras.Txt
2014-08-20 09:59 - 2014-08-20 09:59 - 00142852 _____ () C:\Users\Norman\Desktop\OTL.Txt
2014-08-20 09:38 - 2014-08-20 09:38 - 00602112 _____ (OldTimer Tools) C:\Users\Norman\Desktop\otl.exe
2014-08-18 12:20 - 2014-08-21 09:23 - 00000000 ____D () C:\ProgramData\8e27c8f07b9e9861
2014-08-17 13:50 - 2014-08-17 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-14 08:32 - 2014-08-14 08:32 - 01058200 _____ (Adobe) C:\Users\Norman\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-08-13 14:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 14:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 14:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 14:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 14:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 14:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 14:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 13:15 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:15 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:14 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:14 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:12 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:12 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:12 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:12 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 13:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:11 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:11 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:11 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:11 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:11 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:11 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:11 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:11 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:11 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:11 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:11 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:11 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:11 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:11 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:11 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:11 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:11 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:11 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:11 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:11 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:11 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:11 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:11 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:11 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:11 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:11 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:11 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:11 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:11 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:11 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:11 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:11 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:11 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:11 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:11 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:11 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:11 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:11 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:11 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:11 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:11 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:11 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:11 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:11 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:11 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:11 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:11 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:11 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:11 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:11 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:11 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:11 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:11 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:11 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:11 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:11 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:05 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:05 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:05 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-13 13:05 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-13 13:05 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-13 13:05 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-13 13:04 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:04 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 12:59 - 2014-08-06 13:00 - 00000000 ____D () C:\Users\Norman\Downloads\FM 2013
2014-08-06 12:59 - 2014-08-06 12:59 - 00921280 _____ () C:\Users\Norman\Downloads\FM 2013.rar
2014-08-06 12:59 - 2014-08-06 12:59 - 00183405 _____ () C:\Users\Norman\Downloads\FM2013 1.jpeg
2014-08-06 08:02 - 2014-08-22 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 08:02 - 2014-08-13 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 08:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 08:00 - 2014-08-06 08:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-06 08:00 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 07:54 - 2014-08-06 07:54 - 00000687 _____ () C:\awh81A.tmp
2014-08-06 07:44 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-06 07:44 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-06 07:44 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-06 07:44 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-06 07:44 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-06 07:44 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-06 07:44 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-06 07:44 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-06 07:44 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-06 07:44 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-06 07:44 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-06 07:44 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-06 07:44 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-06 07:44 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-06 07:44 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-06 07:44 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-06 07:42 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-06 07:42 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-06 07:42 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-06 07:42 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-06 07:41 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-06 07:41 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-06 07:40 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-06 07:40 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-06 07:26 - 2014-08-06 07:26 - 00000687 _____ () C:\awh4AE4.tmp
2014-08-04 11:22 - 2014-08-04 11:22 - 00000687 _____ () C:\awh2D46.tmp
2014-08-04 07:32 - 2014-08-04 07:32 - 00000687 _____ () C:\awhCDC9.tmp
2014-08-04 07:09 - 2014-08-04 07:09 - 00000687 _____ () C:\awh6C78.tmp
2014-08-02 13:29 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 13:29 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 13:29 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 13:29 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 13:29 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 13:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 13:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 13:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 13:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 13:26 - 2014-08-02 13:26 - 00000687 _____ () C:\awh4FB5.tmp
2014-07-31 08:56 - 2014-08-20 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 08:44 - 2014-07-31 08:44 - 00000687 _____ () C:\awh5292.tmp
2014-07-30 20:23 - 2014-07-30 20:23 - 00000687 _____ () C:\awhAD4E.tmp
2014-07-30 08:25 - 2014-07-30 08:25 - 00000687 _____ () C:\awh3957.tmp
2014-07-29 09:11 - 2014-07-29 09:11 - 00000687 _____ () C:\awh4587.tmp
2014-07-29 08:15 - 2014-07-29 08:15 - 00000000 ____D () C:\Users\Norman\AppData\Local\com
2014-07-29 08:11 - 2014-07-29 08:11 - 00001021 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-07-29 08:11 - 2014-07-28 20:24 - 04795904 _____ () C:\Windows\score.exe
2014-07-29 08:10 - 2014-07-29 08:10 - 00000687 _____ () C:\awh1812.tmp
2014-07-29 08:09 - 2014-07-29 08:09 - 01505024 _____ () C:\Users\Norman\Downloads\Player Setup.exe
2014-07-28 07:13 - 2014-07-28 07:13 - 00000687 _____ () C:\awh17F2.tmp
2014-07-27 20:10 - 2014-07-27 20:10 - 00000687 _____ () C:\awh63A2.tmp
2014-07-27 18:56 - 2014-07-27 18:56 - 00000687 _____ () C:\awh5C71.tmp
2014-07-27 11:26 - 2014-07-27 11:26 - 00000687 _____ () C:\awh26C1.tmp
2014-07-26 12:38 - 2014-07-26 12:38 - 00000687 _____ () C:\awh6315.tmp
2014-07-25 17:47 - 2014-07-25 17:47 - 00000687 _____ () C:\awh1525.tmp
2014-07-25 07:50 - 2014-07-25 07:50 - 00000687 _____ () C:\awh20F7.tmp
2014-07-24 18:49 - 2014-07-24 18:49 - 00000687 _____ () C:\awh7FC9.tmp
2014-07-24 08:47 - 2014-07-24 08:47 - 00000687 _____ () C:\awh3C06.tmp
2014-07-23 08:18 - 2014-07-23 08:18 - 00000687 _____ () C:\awh15E0.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 09:36 - 2014-08-22 09:35 - 00018717 _____ () C:\Users\Norman\Desktop\FRST.txt
2014-08-22 09:35 - 2014-08-20 10:27 - 00000000 ____D () C:\FRST
2014-08-22 09:35 - 2010-06-08 23:07 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-22 09:34 - 2014-08-22 09:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 09:32 - 2014-08-22 09:32 - 00003398 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-08-22 09:32 - 2014-08-22 09:32 - 00001540 _____ () C:\Users\Norman\Desktop\JRT.txt
2014-08-22 09:32 - 2014-08-22 09:32 - 00000362 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Public\F12FF6D4209A4538A4D404E99346737D
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Public\E65A5EE0490A42C5824668D5555831B4
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Local\mbot_de_34
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Local\29436
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Program Files (x86)\mbot_de_34
2014-08-22 09:32 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 09:32 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 09:26 - 2014-08-22 09:26 - 00042941 _____ () C:\Users\Norman\Desktop\AdwCleaner[S0].txt
2014-08-22 09:26 - 2014-08-22 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 09:25 - 2010-06-08 23:07 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 09:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 09:24 - 2009-07-14 06:51 - 00419643 _____ () C:\Windows\setupact.log
2014-08-22 09:24 - 2009-07-14 06:45 - 00435744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 09:22 - 2014-08-22 09:22 - 00000310 _____ () C:\Windows\PFRO.log
2014-08-22 09:21 - 2014-08-22 09:17 - 00000000 ____D () C:\AdwCleaner
2014-08-22 09:21 - 2010-10-13 16:57 - 00000000 ____D () C:\Users\Norman
2014-08-22 09:21 - 2010-06-08 22:48 - 01711402 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 09:17 - 2014-08-22 09:17 - 00001153 _____ () C:\Users\Norman\Desktop\mbam.txt
2014-08-22 09:00 - 2014-08-22 09:00 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 09:00 - 2014-08-22 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:00 - 2014-08-06 08:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 08:54 - 2014-08-22 08:54 - 01016261 _____ (Thisisu) C:\Users\Norman\Desktop\JRT.exe
2014-08-22 08:53 - 2014-08-22 08:52 - 01364531 _____ () C:\Users\Norman\Desktop\adwcleaner_3.308.exe
2014-08-22 08:51 - 2014-08-22 08:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-22 08:46 - 2012-11-17 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\Users\Norman\Desktop\Combofix.txt
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\ComboFix.txt
2014-08-21 11:24 - 2014-08-21 10:28 - 00000000 ____D () C:\Qoobox
2014-08-21 11:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-21 11:22 - 2014-08-21 10:28 - 00000000 ____D () C:\Windows\erdnt
2014-08-21 11:21 - 2011-07-03 19:09 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-08-21 11:21 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-21 10:41 - 2009-07-14 04:34 - 97255424 _____ () C:\Windows\system32\config\software.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 25952256 _____ () C:\Windows\system32\config\system.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-08-21 10:24 - 2012-12-08 11:24 - 00000316 _____ () C:\Windows\Tasks\MT66 Software Update.job
2014-08-21 10:22 - 2014-08-21 10:27 - 05572251 ____R (Swearware) C:\Users\Norman\Desktop\ComboFix.exe
2014-08-21 09:23 - 2014-08-21 09:23 - 00000000 ____D () C:\Program Files (x86)\CooiLSalEECoUpon
2014-08-21 09:23 - 2014-08-18 12:20 - 00000000 ____D () C:\ProgramData\8e27c8f07b9e9861
2014-08-21 09:10 - 2014-08-21 09:10 - 00001266 _____ () C:\Users\Norman\Desktop\Revo Uninstaller.lnk
2014-08-21 09:10 - 2014-08-21 09:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-21 09:04 - 2014-08-21 09:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Norman\Desktop\revosetup95.exe
2014-08-20 12:03 - 2014-08-20 12:03 - 00500552 _____ () C:\Windows\Minidump\082014-323405-01.dmp
2014-08-20 12:03 - 2011-01-24 13:33 - 00000000 ____D () C:\Windows\Minidump
2014-08-20 10:50 - 2014-08-20 10:50 - 00014075 _____ () C:\Users\Norman\Desktop\Gmer.log
2014-08-20 10:37 - 2012-10-31 13:04 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-08-20 10:31 - 2014-08-20 10:31 - 00044706 _____ () C:\Users\Norman\Desktop\Addition.txt
2014-08-20 10:21 - 2014-08-20 10:21 - 00000584 _____ () C:\Users\Norman\Desktop\defogger_disable.log
2014-08-20 10:21 - 2014-08-20 10:21 - 00000020 _____ () C:\Users\Norman\defogger_reenable
2014-08-20 10:19 - 2014-08-20 10:19 - 00380416 _____ () C:\Users\Norman\Desktop\Gmer-19357.exe
2014-08-20 10:18 - 2014-08-20 10:18 - 02101760 _____ (Farbar) C:\Users\Norman\Desktop\FRST64.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 00050477 _____ () C:\Users\Norman\Desktop\Defogger.exe
2014-08-20 10:02 - 2014-08-20 10:02 - 00096430 _____ () C:\Users\Norman\Desktop\Extras.Txt
2014-08-20 09:59 - 2014-08-20 09:59 - 00142852 _____ () C:\Users\Norman\Desktop\OTL.Txt
2014-08-20 09:38 - 2014-08-20 09:38 - 00602112 _____ (OldTimer Tools) C:\Users\Norman\Desktop\otl.exe
2014-08-20 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-20 09:19 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-20 09:07 - 2012-04-18 10:29 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-20 09:07 - 2011-01-09 18:46 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\vlc
2014-08-20 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-19 08:09 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-08-18 07:40 - 2009-08-04 11:51 - 01760266 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 07:40 - 2009-08-04 11:51 - 00488386 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 07:40 - 2009-07-14 07:13 - 00006492 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 13:50 - 2014-08-17 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-16 10:47 - 2014-06-19 14:23 - 00000000 ____D () C:\temp
2014-08-14 08:32 - 2014-08-14 08:32 - 01058200 _____ (Adobe) C:\Users\Norman\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-08-14 08:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 20:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 14:23 - 2011-01-20 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 14:13 - 2013-08-13 09:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 14:09 - 2010-10-13 17:55 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 14:00 - 2014-05-06 23:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 12:46 - 2014-08-06 08:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 12:46 - 2011-01-20 11:10 - 00000000 ____D () C:\Users\Norman\AppData\Local\Microsoft Help
2014-08-07 04:06 - 2014-08-13 13:04 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 13:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 13:00 - 2014-08-06 12:59 - 00000000 ____D () C:\Users\Norman\Downloads\FM 2013
2014-08-06 12:59 - 2014-08-06 12:59 - 00921280 _____ () C:\Users\Norman\Downloads\FM 2013.rar
2014-08-06 12:59 - 2014-08-06 12:59 - 00183405 _____ () C:\Users\Norman\Downloads\FM2013 1.jpeg
2014-08-06 12:30 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-08-06 12:25 - 2014-03-11 10:15 - 00000000 ____D () C:\Windows\SysWOW64\dfrg
2014-08-06 12:01 - 2010-06-08 23:31 - 00001711 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-06 12:00 - 2014-03-11 10:04 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-06 08:01 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-06 08:00 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 07:54 - 2014-08-06 07:54 - 00000687 _____ () C:\awh81A.tmp
2014-08-06 07:50 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-06 07:26 - 2014-08-06 07:26 - 00000687 _____ () C:\awh4AE4.tmp
2014-08-05 09:20 - 2010-12-20 13:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 11:22 - 2014-08-04 11:22 - 00000687 _____ () C:\awh2D46.tmp
2014-08-04 07:32 - 2014-08-04 07:32 - 00000687 _____ () C:\awhCDC9.tmp
2014-08-04 07:09 - 2014-08-04 07:09 - 00000687 _____ () C:\awh6C78.tmp
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-08-02 13:26 - 2014-08-02 13:26 - 00000687 _____ () C:\awh4FB5.tmp
2014-08-01 01:41 - 2014-08-13 13:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 13:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 08:44 - 2014-07-31 08:44 - 00000687 _____ () C:\awh5292.tmp
2014-07-30 20:23 - 2014-07-30 20:23 - 00000687 _____ () C:\awhAD4E.tmp
2014-07-30 08:25 - 2014-07-30 08:25 - 00000687 _____ () C:\awh3957.tmp
2014-07-29 09:11 - 2014-07-29 09:11 - 00000687 _____ () C:\awh4587.tmp
2014-07-29 09:07 - 2010-06-08 23:31 - 00003282 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-07-29 08:15 - 2014-07-29 08:15 - 00000000 ____D () C:\Users\Norman\AppData\Local\com
2014-07-29 08:11 - 2014-07-29 08:11 - 00001021 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-07-29 08:10 - 2014-07-29 08:10 - 00000687 _____ () C:\awh1812.tmp
2014-07-29 08:09 - 2014-07-29 08:09 - 01505024 _____ () C:\Users\Norman\Downloads\Player Setup.exe
2014-07-28 20:24 - 2014-07-29 08:11 - 04795904 _____ () C:\Windows\score.exe
2014-07-28 07:13 - 2014-07-28 07:13 - 00000687 _____ () C:\awh17F2.tmp
2014-07-27 20:10 - 2014-07-27 20:10 - 00000687 _____ () C:\awh63A2.tmp
2014-07-27 18:56 - 2014-07-27 18:56 - 00000687 _____ () C:\awh5C71.tmp
2014-07-27 11:26 - 2014-07-27 11:26 - 00000687 _____ () C:\awh26C1.tmp
2014-07-26 12:38 - 2014-07-26 12:38 - 00000687 _____ () C:\awh6315.tmp
2014-07-25 17:47 - 2014-07-25 17:47 - 00000687 _____ () C:\awh1525.tmp
2014-07-25 16:52 - 2014-08-13 13:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 13:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 13:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 13:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 13:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 13:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 13:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 13:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 13:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 13:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 13:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 13:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 13:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 13:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 13:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 13:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 13:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 13:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 13:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 13:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 13:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 13:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 13:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 13:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 13:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 13:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 13:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 13:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 13:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 13:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 13:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 13:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 13:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 13:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 13:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 13:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 13:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 13:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 13:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 13:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 13:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 13:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 13:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 13:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 13:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 13:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 13:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 13:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 07:50 - 2014-07-25 07:50 - 00000687 _____ () C:\awh20F7.tmp
2014-07-24 18:49 - 2014-07-24 18:49 - 00000687 _____ () C:\awh7FC9.tmp
2014-07-24 08:47 - 2014-07-24 08:47 - 00000687 _____ () C:\awh3C06.tmp
2014-07-24 08:42 - 2013-03-15 08:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 08:42 - 2010-10-13 17:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 08:29 - 2013-03-16 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 15:25 - 2014-05-30 09:59 - 00000000 ____D () C:\Windows\rescache
2014-07-23 08:18 - 2014-07-23 08:18 - 00000687 _____ () C:\awh15E0.tmp

Some content of TEMP:
====================
C:\Users\Norman\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 15:18

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 22.08.2014 22:33

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

RNob 24.08.2014 09:35
Hallo Schrauber,

anbei die Ergebnisse der Arbeiten. Chrome lässt sich öffnen. Internet geht also.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ae1d292f3dfd574e87df0753b1fd3aca
# engine=19793
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-23 10:54:40
# local_time=2014-08-23 12:54:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 101460 160421130 0 0
# scanned=334612
# found=58
# cleaned=52
# scan_time=11810
sh=4CDA0AD56BE52C0AE43D740DA43FAC7BF0A1B8A7 ft=1 fh=c71c001166655e77 vn="Variante von Win32/AdWare.MultiPlug.AG Anwendung" ac=I fn="C:\Users\All Users\cosstminn\OYLzBg7.exe"
sh=FF2F9741F38C6294FE7EB6C4B23AF5DBC5F46BBC ft=1 fh=d421524a365e435c vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\AppPatch\spbin\cltmng.exe"
sh=9BA475AA65F25682779E0066864C49C37BC178FA ft=1 fh=ccaa2464deb92942 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\AppPatch\spbin\SPTool64.exe"
sh=0A895D6ECBE189AE338869C76CA5FC59D6C9323F ft=1 fh=66a85591cccc8785 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\AppPatch\spbin\SPVC32.dll"
sh=19E4A14C324EC5706BDD7C0BA3D1A8C9503AEEF4 ft=1 fh=b222439f7f1d3364 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\AppPatch\spbin\SPVC64.dll"
sh=7BF198E10E88B4EE54D25DD8EA1C82BCDDEEF927 ft=1 fh=b12b371d4b4f5f42 vn="Variante von Win32/RiskWare.NetFilter.B Anwendung" ac=I fn="C:\Windows\SysWOW64\hfnapi.dll"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Norman\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Norman\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Norman\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=B9ADAE26DB5DC026EEDBEDEE486EE374210395EB ft=1 fh=c2b4ea1ffd4d1511 vn="Win32/VOPackage.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Norman\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=430C5C8EA0AA40ECD96968812C6664A4312CFAF5 ft=1 fh=6e5ef8d9fe0720b4 vn="Variante von Win32/RiskWare.NetFilter.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\hfpapi.dll.vir"
sh=A6A72999AC2306CF58ECDF7A69C270B8CAE1F5A9 ft=1 fh=c71c0011202c046b vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\cosstminn\aNRyUr.dll"
sh=3D18FAADFB6E63B1C4F010BF0B76744A50BFDE65 ft=1 fh=734f1bc344a1a9e8 vn="Variante von Win64/Adware.MultiPlug.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\cosstminn\aNRyUr.x64.dll"
sh=2D17D10760F697BCD872653FEC45DF465B50DCF2 ft=1 fh=04754d41ddfc3cea vn="Variante von Win32/AdWare.EoRezo.AU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\mbot_de_34\mbot_de_34.exe"
sh=1231AFEC38805849FBDBF7D2B4B34DEEB387B821 ft=1 fh=2ceb3ce0de00c6dd vn="Variante von Win32/AdWare.EoRezo.AU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\mbot_de_34\mybestofferstoday_widget.exe"
sh=74E0177FF3F81C427969AD57186E709F86B40D87 ft=1 fh=cdf4822aa79706e4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe"
sh=A8F3D7C5BBC8347AA7D5B1AD10CBCEB6104C23D1 ft=1 fh=295e6caf528a890e vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll"
sh=3240E81C8D289E0153E62892A1A780C78E1D795E ft=1 fh=60c431af054e4a68 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe"
sh=FF2F9741F38C6294FE7EB6C4B23AF5DBC5F46BBC ft=1 fh=d421524a365e435c vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=9BA475AA65F25682779E0066864C49C37BC178FA ft=1 fh=ccaa2464deb92942 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=0A895D6ECBE189AE338869C76CA5FC59D6C9323F ft=1 fh=66a85591cccc8785 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll"
sh=19E4A14C324EC5706BDD7C0BA3D1A8C9503AEEF4 ft=1 fh=b222439f7f1d3364 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll"
sh=B5C2DB37AB6979DB8D1FC7C935075E8AC8ACE9A3 ft=1 fh=f24232d3d25a19ff vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe"
sh=18BB72942239E9453B1F1DD614626D875BCF3C04 ft=1 fh=c71c0011eb43edb3 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Supporter\Supporter.dll"
sh=6007434E9D98E0FFA81201819382E47D42D5DD1B ft=1 fh=c4e548e56c5d9a58 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Supporter\SupporterSvc.dll"
sh=135E3569852A727DC9BF87488605DB9ADBDE0A03 ft=1 fh=c71c0011f39dd73d vn="Variante von Win64/SProtector.A evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Supporter\Supporter_x64.dll"
sh=4CDA0AD56BE52C0AE43D740DA43FAC7BF0A1B8A7 ft=1 fh=c71c001166655e77 vn="Variante von Win32/AdWare.MultiPlug.AG Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\cosstminn\OYLzBg7.exe"
sh=1B935276B14854E7E698D195CE39DCEF2E7F69A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdgbodaoampohmhmecigaomnjppbplb\13785.340.6094_0\extensionData\plugins\91.js.vir"
sh=58194D24471CA7888FCD01035E5845794FE6AC97 ft=1 fh=c71c00116b12b075 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Norman\AppData\Local\Temp\__tmp_0604b699.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=D75F1677490CBAA8321818621868D64C5DF84CAB ft=1 fh=c71c001129078e71 vn="Variante von Win32/Amonetize.BE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\29436\a22952.exe"
sh=D6D99E7CDFC04B72FB3CC1004DC5B67221AFC3F4 ft=1 fh=d951409f51703342 vn="Variante von Win32/Adware.EoRezo.AJ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\mbot_de_34\upmbot_de_34.exe"
sh=08AFC3F18F4156F15F5380628C9C916188292088 ft=1 fh=ceff2f44e707aaab vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\mbot_de_34\Download\majmbot_gentlemg.exe"
sh=7D835A29714923E4FA0828D9533FDB58529461D5 ft=1 fh=588f501a5d66e9e7 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9T3ZMMF2\spstub[1].exe"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKB80TZ2\sp-downloader[1].exe"
sh=AD3249181345541EE9239CC9F656D6E2674E78AC ft=1 fh=84ef7f780c418ce1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKB80TZ2\SPSetup[1].exe"
sh=28491F4EF4A236129522D2DCD582D9B1ECC0211C ft=1 fh=c71c00118fafe4a2 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\18be6784_.exe"
sh=D53EEB214E6D2585A104AA4B72CCF7785BEFEA86 ft=1 fh=b74a1aef38916952 vn="Variante von Win32/AdWare.MultiPlug.BU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\294823_.exe"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\nsnACF6.exe"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\nsnD7A1.exe"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\nsnDC34.exe"
sh=AD3249181345541EE9239CC9F656D6E2674E78AC ft=1 fh=84ef7f780c418ce1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\nsx6E20.tmp"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\nsxA93D.exe"
sh=6A620487A3C1A1690FC66F92BC01035E35656A1E ft=1 fh=85cd99bda5e2e404 vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\is-7N42R.tmp\package_costmin_installer_multilang.exe"
sh=D0CE12FEE273B009B0CD877528931AC5C0CFEBD7 ft=1 fh=938299dfc3edeb90 vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\is-7N42R.tmp\package_secprotwhite_installer_multilang.exe"
sh=788AD4AEEC33772C786C7C45F261D5995CBDCFE9 ft=1 fh=119800afb59d04f7 vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Local\Temp\is-BPKRD.tmp\gentlemjmbot_img.exe"
sh=502D74A96065A471FAA12E30E85E8DCBAFA3A447 ft=1 fh=aa0497a2b71c6df7 vn="Variante von Win32/RiskWare.Astori.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Roaming\InetStat\inetstat.exe"
sh=1B935276B14854E7E698D195CE39DCEF2E7F69A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Roaming\Opera Software\Opera Stable\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf\1.26.20_0\extensionData\plugins\91.js"
sh=3642D1CD926F8106F134B15EF8229ECC1CFF1E36 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\AppData\Roaming\Opera Software\Opera Stable\Extensions\pdjjjmnacfjnmgckbhldbekckfldeolk\1.26.34_0\extensionData\plugins\91.js"
sh=1D814EA403A946B40CC0A6A261B2387880D6B547 ft=1 fh=ff0bc5a908f5ad94 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\Documents\Downloads\Integrated_BrotherSoft_TB.exe"
sh=1163FE41FB337B75058F0445B67EF5B5D003A91D ft=1 fh=d3015bd6e6977bc3 vn="Variante von Win32/SoftPulse.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\Downloads\Player Setup.exe"
sh=2C963B150FD292E88DCE4A002E2D2DC05652D7E3 ft=1 fh=6e9637a1767a7939 vn="Variante von Win32/SoftPulse.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Norman\Downloads\Setup(1).exe"
sh=7D6E1A8BEDCE8A1C9289391431A19ADF2F8CDF65 ft=1 fh=70a5be052544decd vn="Variante von Win32/Amonetize.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Public\F12FF6D4209A4538A4D404E99346737D\setup.exe"
sh=CCAFEDA054837453469D588C04CEE33530777F2C ft=1 fh=2a4276702961c0a4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll"
sh=7BF198E10E88B4EE54D25DD8EA1C82BCDDEEF927 ft=1 fh=b12b371d4b4f5f42 vn="Variante von Win32/RiskWare.NetFilter.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\hfnapi.dll"
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 9 
 Java version out of Date!
 Adobe Flash Player 14.0.0.145 
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 36.0.1985.125 
 Google Chrome 36.0.1985.143 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014
Ran by Norman (administrator) on ROBERT on 24-08-2014 10:17:14
Running from C:\Users\Norman\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Windows\score.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-420645628-1813877703-113317616-1001\...\Run: [GoogleChromeAutoLaunch_29B69EEE740A47DF7549CA7579BEBBEF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [95848 2010-03-27] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MB9C1525F-C014-482C-A126-A8B46F86BD95&SearchSource=55&CUI=&UM=2&UP=SP01AC27F3-44D7-464B-8637-A910656DD34E&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Extension: Widget context - C:\Users\Norman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-05]
FF Extension: No Name - C:\Users\Norman\AppData\Roaming\Mozilla\Firefox\Profiles\riiyz2xl.default\Extensions\staged [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon

Chrome:
=======
CHR HomePage: hxxp://start.androidnewtab.com/?1=1__PARAM__
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MB9C1525F-C014-482C-A126-A8B46F86BD95&SearchSource=55&CUI=&UM=2&UP=SP01AC27F3-44D7-464B-8637-A910656DD34E&SSPV="
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultSearchURL: hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MB9C1525F-C014-482C-A126-A8B46F86BD95&SearchSource=58&CUI=&UM=2&UP=SP01AC27F3-44D7-464B-8637-A910656DD34E&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (Web Search) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\canneacfbhohinchadcbleedjidnpejc [2014-08-04]
CHR Extension: (Super Tab Homepage) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cchedanbhebbgjmnhcpmpcniijnfbdha [2014-08-04]
CHR Extension: (Super Tab) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdbehjiieocihhncnaggngbccgdcpo [2014-08-04]
CHR Extension: (cosstminn) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlkggcpobdmjbfoamcgdbbgiefbnifg [2014-08-23]
CHR Extension: (Extutil) - C:\Users\Norman\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-23]
CHR Extension: (Managera) - C:\Users\Norman\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-23]
CHR Extension: (cosstminn) - C:\Users\Norman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlkggcpobdmjbfoamcgdbbgiefbnifg\2.0 [2014-08-23]
CHR HKLM-x32\...\Chrome\Extension: [bciilgdpfoijonnahfpinfnhpckkokna] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home9526\ch\MediaWatchV1home9526.crx []
CHR HKLM-x32\...\Chrome\Extension: [ejdbaenpnnpklfljeihebmljibepmimo] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7295\ch\MediaBuzzV1mode7295.crx []
CHR HKLM-x32\...\Chrome\Extension: [ldjojcbkmecbbllcopnbbkanahggohkj] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha6977\ch\TrustMediaViewerV1alpha6977.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2012-08-13] (Puran Software) [File not signed]
R2 scores; C:\Windows\score.exe [4795904 2014-07-28] () [File not signed]
S3 Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2012-01-17] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-30] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Users\Norman\Desktop\FRST-OlderVersion
2014-08-23 21:29 - 2014-08-23 21:29 - 00000897 _____ () C:\Users\Norman\Desktop\checkup.txt
2014-08-23 13:01 - 2014-08-23 13:02 - 00854417 _____ () C:\Users\Norman\Desktop\SecurityCheck.exe
2014-08-23 09:27 - 2014-08-23 09:27 - 02347384 _____ (ESET) C:\Users\Norman\Desktop\esetsmartinstaller_deu.exe
2014-08-23 08:41 - 2014-08-23 21:04 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-08-23 08:41 - 2014-08-23 12:51 - 00000000 ____D () C:\ProgramData\cosstminn
2014-08-23 08:41 - 2014-08-23 12:50 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\SearchProtect
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Packages
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-22 09:35 - 2014-08-24 10:17 - 00019700 _____ () C:\Users\Norman\Desktop\FRST.txt
2014-08-22 09:32 - 2014-08-23 12:54 - 00000000 ____D () C:\Users\Public\F12FF6D4209A4538A4D404E99346737D
2014-08-22 09:32 - 2014-08-23 12:51 - 00000000 ____D () C:\Users\Norman\AppData\Local\mbot_de_34
2014-08-22 09:32 - 2014-08-23 12:51 - 00000000 ____D () C:\Users\Norman\AppData\Local\29436
2014-08-22 09:32 - 2014-08-23 12:50 - 00000000 ____D () C:\Program Files (x86)\mbot_de_34
2014-08-22 09:32 - 2014-08-22 09:32 - 00001540 _____ () C:\Users\Norman\Desktop\JRT.txt
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Public\E65A5EE0490A42C5824668D5555831B4
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:26 - 2014-08-22 09:26 - 00042941 _____ () C:\Users\Norman\Desktop\AdwCleaner[S0].txt
2014-08-22 09:26 - 2014-08-22 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 09:22 - 2014-08-23 21:04 - 00001396 _____ () C:\Windows\PFRO.log
2014-08-22 09:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-22 09:17 - 2014-08-22 09:21 - 00000000 ____D () C:\AdwCleaner
2014-08-22 09:17 - 2014-08-22 09:17 - 00001153 _____ () C:\Users\Norman\Desktop\mbam.txt
2014-08-22 09:00 - 2014-08-24 10:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 09:00 - 2014-08-22 09:00 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 09:00 - 2014-08-22 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 09:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-22 08:54 - 2014-08-22 08:54 - 01016261 _____ (Thisisu) C:\Users\Norman\Desktop\JRT.exe
2014-08-22 08:52 - 2014-08-22 08:53 - 01364531 _____ () C:\Users\Norman\Desktop\adwcleaner_3.308.exe
2014-08-22 08:50 - 2014-08-22 08:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\Users\Norman\Desktop\Combofix.txt
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\ComboFix.txt
2014-08-21 10:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-21 10:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-21 10:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-21 10:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-21 10:28 - 2014-08-21 11:24 - 00000000 ____D () C:\Qoobox
2014-08-21 10:28 - 2014-08-21 11:22 - 00000000 ____D () C:\Windows\erdnt
2014-08-21 10:27 - 2014-08-21 10:22 - 05572251 ____R (Swearware) C:\Users\Norman\Desktop\ComboFix.exe
2014-08-21 09:23 - 2014-08-21 09:23 - 00000000 ____D () C:\Program Files (x86)\CooiLSalEECoUpon
2014-08-21 09:10 - 2014-08-21 09:10 - 00001266 _____ () C:\Users\Norman\Desktop\Revo Uninstaller.lnk
2014-08-21 09:10 - 2014-08-21 09:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-21 09:03 - 2014-08-21 09:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Norman\Desktop\revosetup95.exe
2014-08-20 12:03 - 2014-08-20 12:03 - 00500552 _____ () C:\Windows\Minidump\082014-323405-01.dmp
2014-08-20 10:50 - 2014-08-20 10:50 - 00014075 _____ () C:\Users\Norman\Desktop\Gmer.log
2014-08-20 10:31 - 2014-08-20 10:31 - 00044706 _____ () C:\Users\Norman\Desktop\Addition.txt
2014-08-20 10:27 - 2014-08-24 10:17 - 00000000 ____D () C:\FRST
2014-08-20 10:21 - 2014-08-20 10:21 - 00000584 _____ () C:\Users\Norman\Desktop\defogger_disable.log
2014-08-20 10:21 - 2014-08-20 10:21 - 00000020 _____ () C:\Users\Norman\defogger_reenable
2014-08-20 10:19 - 2014-08-20 10:19 - 00380416 _____ () C:\Users\Norman\Desktop\Gmer-19357.exe
2014-08-20 10:18 - 2014-08-24 10:16 - 02103296 _____ (Farbar) C:\Users\Norman\Desktop\FRST64.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 00050477 _____ () C:\Users\Norman\Desktop\Defogger.exe
2014-08-20 10:02 - 2014-08-20 10:02 - 00096430 _____ () C:\Users\Norman\Desktop\Extras.Txt
2014-08-20 09:59 - 2014-08-20 09:59 - 00142852 _____ () C:\Users\Norman\Desktop\OTL.Txt
2014-08-20 09:38 - 2014-08-20 09:38 - 00602112 _____ (OldTimer Tools) C:\Users\Norman\Desktop\otl.exe
2014-08-18 12:20 - 2014-08-23 08:41 - 00000000 ____D () C:\ProgramData\8e27c8f07b9e9861
2014-08-17 13:50 - 2014-08-17 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-14 08:32 - 2014-08-14 08:32 - 01058200 _____ (Adobe) C:\Users\Norman\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-08-13 14:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 14:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 14:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 14:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 14:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 14:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 14:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 14:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 13:15 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 13:15 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 13:14 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 13:14 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 13:14 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 13:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 13:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 13:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 13:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 13:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 13:12 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 13:12 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 13:12 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 13:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 13:12 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 13:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:11 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 13:11 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 13:11 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 13:11 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 13:11 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 13:11 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 13:11 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 13:11 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 13:11 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 13:11 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 13:11 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 13:11 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 13:11 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 13:11 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 13:11 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 13:11 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 13:11 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 13:11 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 13:11 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:11 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 13:11 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 13:11 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 13:11 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:11 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:11 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 13:11 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:11 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 13:11 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 13:11 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 13:11 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 13:11 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 13:11 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 13:11 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 13:11 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 13:11 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 13:11 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 13:11 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 13:11 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 13:11 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:11 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 13:11 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 13:11 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 13:11 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 13:11 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 13:11 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 13:11 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 13:11 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 13:11 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 13:11 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:11 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 13:11 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 13:11 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 13:11 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 13:11 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 13:11 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 13:11 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 13:05 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 13:05 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 13:05 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-13 13:05 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-13 13:05 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-13 13:05 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-13 13:04 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 13:04 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 12:59 - 2014-08-06 13:00 - 00000000 ____D () C:\Users\Norman\Downloads\FM 2013
2014-08-06 12:59 - 2014-08-06 12:59 - 00921280 _____ () C:\Users\Norman\Downloads\FM 2013.rar
2014-08-06 12:59 - 2014-08-06 12:59 - 00183405 _____ () C:\Users\Norman\Downloads\FM2013 1.jpeg
2014-08-06 08:02 - 2014-08-22 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 08:02 - 2014-08-13 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 08:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 08:00 - 2014-08-06 08:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-06 08:00 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 07:54 - 2014-08-06 07:54 - 00000687 _____ () C:\awh81A.tmp
2014-08-06 07:44 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-06 07:44 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-06 07:44 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-06 07:44 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-06 07:44 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-06 07:44 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-06 07:44 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-06 07:44 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-06 07:44 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-06 07:44 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-06 07:44 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-06 07:44 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-06 07:44 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-06 07:44 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-06 07:44 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-06 07:44 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-06 07:42 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-06 07:42 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-06 07:42 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-06 07:42 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-06 07:41 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-06 07:41 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-06 07:40 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-06 07:40 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-06 07:26 - 2014-08-06 07:26 - 00000687 _____ () C:\awh4AE4.tmp
2014-08-04 11:22 - 2014-08-04 11:22 - 00000687 _____ () C:\awh2D46.tmp
2014-08-04 07:32 - 2014-08-04 07:32 - 00000687 _____ () C:\awhCDC9.tmp
2014-08-04 07:09 - 2014-08-04 07:09 - 00000687 _____ () C:\awh6C78.tmp
2014-08-02 13:29 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 13:29 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 13:29 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 13:29 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 13:29 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 13:29 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 13:29 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 13:29 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 13:29 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 13:29 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 13:26 - 2014-08-02 13:26 - 00000687 _____ () C:\awh4FB5.tmp
2014-07-31 08:56 - 2014-08-20 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 08:44 - 2014-07-31 08:44 - 00000687 _____ () C:\awh5292.tmp
2014-07-30 20:23 - 2014-07-30 20:23 - 00000687 _____ () C:\awhAD4E.tmp
2014-07-30 08:25 - 2014-07-30 08:25 - 00000687 _____ () C:\awh3957.tmp
2014-07-29 09:11 - 2014-07-29 09:11 - 00000687 _____ () C:\awh4587.tmp
2014-07-29 08:15 - 2014-07-29 08:15 - 00000000 ____D () C:\Users\Norman\AppData\Local\com
2014-07-29 08:11 - 2014-07-29 08:11 - 00001021 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-07-29 08:11 - 2014-07-28 20:24 - 04795904 _____ () C:\Windows\score.exe
2014-07-29 08:10 - 2014-07-29 08:10 - 00000687 _____ () C:\awh1812.tmp
2014-07-28 07:13 - 2014-07-28 07:13 - 00000687 _____ () C:\awh17F2.tmp
2014-07-27 20:10 - 2014-07-27 20:10 - 00000687 _____ () C:\awh63A2.tmp
2014-07-27 18:56 - 2014-07-27 18:56 - 00000687 _____ () C:\awh5C71.tmp
2014-07-27 11:26 - 2014-07-27 11:26 - 00000687 _____ () C:\awh26C1.tmp
2014-07-26 12:38 - 2014-07-26 12:38 - 00000687 _____ () C:\awh6315.tmp
2014-07-25 17:47 - 2014-07-25 17:47 - 00000687 _____ () C:\awh1525.tmp
2014-07-25 07:50 - 2014-07-25 07:50 - 00000687 _____ () C:\awh20F7.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 10:19 - 2014-08-22 09:35 - 00019700 _____ () C:\Users\Norman\Desktop\FRST.txt
2014-08-24 10:17 - 2014-08-20 10:27 - 00000000 ____D () C:\FRST
2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Users\Norman\Desktop\FRST-OlderVersion
2014-08-24 10:16 - 2014-08-20 10:18 - 02103296 _____ (Farbar) C:\Users\Norman\Desktop\FRST64.exe
2014-08-24 10:14 - 2014-08-22 09:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 10:12 - 2010-06-08 23:07 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 10:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 10:12 - 2009-07-14 06:51 - 00420091 _____ () C:\Windows\setupact.log
2014-08-23 21:53 - 2010-06-08 22:48 - 01762783 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 21:51 - 2011-07-03 19:09 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-08-23 21:46 - 2012-11-17 13:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 21:35 - 2010-06-08 23:07 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 21:29 - 2014-08-23 21:29 - 00000897 _____ () C:\Users\Norman\Desktop\checkup.txt
2014-08-23 21:14 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 21:14 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 21:06 - 2009-07-14 06:45 - 00435744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 21:04 - 2014-08-23 08:41 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-08-23 21:04 - 2014-08-22 09:22 - 00001396 _____ () C:\Windows\PFRO.log
2014-08-23 13:02 - 2014-08-23 13:01 - 00854417 _____ () C:\Users\Norman\Desktop\SecurityCheck.exe
2014-08-23 12:54 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Public\F12FF6D4209A4538A4D404E99346737D
2014-08-23 12:53 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\InetStat
2014-08-23 12:51 - 2014-08-23 08:41 - 00000000 ____D () C:\ProgramData\cosstminn
2014-08-23 12:51 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Local\mbot_de_34
2014-08-23 12:51 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Local\29436
2014-08-23 12:50 - 2014-08-23 08:41 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-08-23 12:50 - 2014-08-22 09:32 - 00000000 ____D () C:\Program Files (x86)\mbot_de_34
2014-08-23 10:24 - 2012-12-08 11:24 - 00000316 _____ () C:\Windows\Tasks\MT66 Software Update.job
2014-08-23 09:27 - 2014-08-23 09:27 - 02347384 _____ (ESET) C:\Users\Norman\Desktop\esetsmartinstaller_deu.exe
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\SearchProtect
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Packages
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Norman\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Gast
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Users\Administrator
2014-08-23 08:41 - 2014-08-23 08:41 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-23 08:41 - 2014-08-18 12:20 - 00000000 ____D () C:\ProgramData\8e27c8f07b9e9861
2014-08-23 08:41 - 2014-03-11 10:04 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-08-23 08:41 - 2010-10-13 19:14 - 00000000 ____D () C:\Users\Norman\AppData\Local\Google
2014-08-23 08:41 - 2010-06-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-23 08:36 - 2010-06-08 23:31 - 00003322 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-08-22 09:32 - 2014-08-22 09:32 - 00001540 _____ () C:\Users\Norman\Desktop\JRT.txt
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Public\E65A5EE0490A42C5824668D5555831B4
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-08-22 09:26 - 2014-08-22 09:26 - 00042941 _____ () C:\Users\Norman\Desktop\AdwCleaner[S0].txt
2014-08-22 09:26 - 2014-08-22 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 09:21 - 2014-08-22 09:17 - 00000000 ____D () C:\AdwCleaner
2014-08-22 09:21 - 2010-10-14 20:32 - 00000000 ____D () C:\ProgramData\ICQ
2014-08-22 09:21 - 2010-10-13 16:57 - 00000000 ____D () C:\Users\Norman
2014-08-22 09:17 - 2014-08-22 09:17 - 00001153 _____ () C:\Users\Norman\Desktop\mbam.txt
2014-08-22 09:00 - 2014-08-22 09:00 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 09:00 - 2014-08-22 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:00 - 2014-08-06 08:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 08:54 - 2014-08-22 08:54 - 01016261 _____ (Thisisu) C:\Users\Norman\Desktop\JRT.exe
2014-08-22 08:53 - 2014-08-22 08:52 - 01364531 _____ () C:\Users\Norman\Desktop\adwcleaner_3.308.exe
2014-08-22 08:51 - 2014-08-22 08:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\Users\Norman\Desktop\Combofix.txt
2014-08-21 11:24 - 2014-08-21 11:24 - 00047594 _____ () C:\ComboFix.txt
2014-08-21 11:24 - 2014-08-21 10:28 - 00000000 ____D () C:\Qoobox
2014-08-21 11:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-21 11:22 - 2014-08-21 10:28 - 00000000 ____D () C:\Windows\erdnt
2014-08-21 11:21 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-21 10:41 - 2009-07-14 04:34 - 97255424 _____ () C:\Windows\system32\config\software.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 25952256 _____ () C:\Windows\system32\config\system.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-21 10:41 - 2009-07-14 04:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-08-21 10:22 - 2014-08-21 10:27 - 05572251 ____R (Swearware) C:\Users\Norman\Desktop\ComboFix.exe
2014-08-21 09:23 - 2014-08-21 09:23 - 00000000 ____D () C:\Program Files (x86)\CooiLSalEECoUpon
2014-08-21 09:10 - 2014-08-21 09:10 - 00001266 _____ () C:\Users\Norman\Desktop\Revo Uninstaller.lnk
2014-08-21 09:10 - 2014-08-21 09:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-21 09:04 - 2014-08-21 09:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Norman\Desktop\revosetup95.exe
2014-08-20 12:03 - 2014-08-20 12:03 - 00500552 _____ () C:\Windows\Minidump\082014-323405-01.dmp
2014-08-20 12:03 - 2011-01-24 13:33 - 00000000 ____D () C:\Windows\Minidump
2014-08-20 10:50 - 2014-08-20 10:50 - 00014075 _____ () C:\Users\Norman\Desktop\Gmer.log
2014-08-20 10:37 - 2012-10-31 13:04 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-08-20 10:31 - 2014-08-20 10:31 - 00044706 _____ () C:\Users\Norman\Desktop\Addition.txt
2014-08-20 10:21 - 2014-08-20 10:21 - 00000584 _____ () C:\Users\Norman\Desktop\defogger_disable.log
2014-08-20 10:21 - 2014-08-20 10:21 - 00000020 _____ () C:\Users\Norman\defogger_reenable
2014-08-20 10:19 - 2014-08-20 10:19 - 00380416 _____ () C:\Users\Norman\Desktop\Gmer-19357.exe
2014-08-20 10:16 - 2014-08-20 10:16 - 00050477 _____ () C:\Users\Norman\Desktop\Defogger.exe
2014-08-20 10:02 - 2014-08-20 10:02 - 00096430 _____ () C:\Users\Norman\Desktop\Extras.Txt
2014-08-20 09:59 - 2014-08-20 09:59 - 00142852 _____ () C:\Users\Norman\Desktop\OTL.Txt
2014-08-20 09:38 - 2014-08-20 09:38 - 00602112 _____ (OldTimer Tools) C:\Users\Norman\Desktop\otl.exe
2014-08-20 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-20 09:19 - 2014-07-31 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-20 09:07 - 2012-04-18 10:29 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-08-20 09:07 - 2011-01-09 18:46 - 00000000 ____D () C:\Users\Norman\AppData\Roaming\vlc
2014-08-20 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-19 08:09 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-08-18 07:40 - 2009-08-04 11:51 - 01760266 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 07:40 - 2009-08-04 11:51 - 00488386 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 07:40 - 2009-07-14 07:13 - 00006492 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 13:50 - 2014-08-17 13:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-08-16 10:47 - 2014-06-19 14:23 - 00000000 ____D () C:\temp
2014-08-14 08:32 - 2014-08-14 08:32 - 01058200 _____ (Adobe) C:\Users\Norman\Downloads\install_flashplayer14x32au_mssa_aaa_aih.exe
2014-08-14 08:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 20:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 14:23 - 2011-01-20 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 14:13 - 2013-08-13 09:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 14:09 - 2010-10-13 17:55 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 14:00 - 2014-05-06 23:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 12:46 - 2014-08-06 08:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 12:46 - 2011-01-20 11:10 - 00000000 ____D () C:\Users\Norman\AppData\Local\Microsoft Help
2014-08-07 04:06 - 2014-08-13 13:04 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 13:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 13:00 - 2014-08-06 12:59 - 00000000 ____D () C:\Users\Norman\Downloads\FM 2013
2014-08-06 12:59 - 2014-08-06 12:59 - 00921280 _____ () C:\Users\Norman\Downloads\FM 2013.rar
2014-08-06 12:59 - 2014-08-06 12:59 - 00183405 _____ () C:\Users\Norman\Downloads\FM2013 1.jpeg
2014-08-06 12:30 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-08-06 12:25 - 2014-03-11 10:15 - 00000000 ____D () C:\Windows\SysWOW64\dfrg
2014-08-06 12:01 - 2010-06-08 23:31 - 00001711 _____ () C:\Windows\system32\ServiceFilter.ini
2014-08-06 08:01 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-06 08:00 - 2014-08-06 08:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Norman\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 07:54 - 2014-08-06 07:54 - 00000687 _____ () C:\awh81A.tmp
2014-08-06 07:50 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-06 07:26 - 2014-08-06 07:26 - 00000687 _____ () C:\awh4AE4.tmp
2014-08-05 09:20 - 2010-12-20 13:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 11:22 - 2014-08-04 11:22 - 00000687 _____ () C:\awh2D46.tmp
2014-08-04 07:32 - 2014-08-04 07:32 - 00000687 _____ () C:\awhCDC9.tmp
2014-08-04 07:09 - 2014-08-04 07:09 - 00000687 _____ () C:\awh6C78.tmp
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-08-02 13:30 - 2014-06-19 14:24 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-08-02 13:26 - 2014-08-02 13:26 - 00000687 _____ () C:\awh4FB5.tmp
2014-08-01 01:41 - 2014-08-13 13:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 13:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 08:44 - 2014-07-31 08:44 - 00000687 _____ () C:\awh5292.tmp
2014-07-30 20:23 - 2014-07-30 20:23 - 00000687 _____ () C:\awhAD4E.tmp
2014-07-30 08:25 - 2014-07-30 08:25 - 00000687 _____ () C:\awh3957.tmp
2014-07-29 09:11 - 2014-07-29 09:11 - 00000687 _____ () C:\awh4587.tmp
2014-07-29 08:15 - 2014-07-29 08:15 - 00000000 ____D () C:\Users\Norman\AppData\Local\com
2014-07-29 08:11 - 2014-07-29 08:11 - 00001021 _____ () C:\Users\UpdatusUser\Desktop\PepperZip.lnk
2014-07-29 08:10 - 2014-07-29 08:10 - 00000687 _____ () C:\awh1812.tmp
2014-07-28 20:24 - 2014-07-29 08:11 - 04795904 _____ () C:\Windows\score.exe
2014-07-28 07:13 - 2014-07-28 07:13 - 00000687 _____ () C:\awh17F2.tmp
2014-07-27 20:10 - 2014-07-27 20:10 - 00000687 _____ () C:\awh63A2.tmp
2014-07-27 18:56 - 2014-07-27 18:56 - 00000687 _____ () C:\awh5C71.tmp
2014-07-27 11:26 - 2014-07-27 11:26 - 00000687 _____ () C:\awh26C1.tmp
2014-07-26 12:38 - 2014-07-26 12:38 - 00000687 _____ () C:\awh6315.tmp
2014-07-25 17:47 - 2014-07-25 17:47 - 00000687 _____ () C:\awh1525.tmp
2014-07-25 16:52 - 2014-08-13 13:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-13 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-13 13:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-13 13:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-13 13:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-13 13:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-13 13:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-13 13:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-13 13:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-13 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-13 13:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-13 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-13 13:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-13 13:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-13 13:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-13 13:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-13 13:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-13 13:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-13 13:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-13 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-13 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-13 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-13 13:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-13 13:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-13 13:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-13 13:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-13 13:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-13 13:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-13 13:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-13 13:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-13 13:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-13 13:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-13 13:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-13 13:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-13 13:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-13 13:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-13 13:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-13 13:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-13 13:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-13 13:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-13 13:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-13 13:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-13 13:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-13 13:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-13 13:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-13 13:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-13 13:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-13 13:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-13 13:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-13 13:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-13 13:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-13 13:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-13 13:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-13 13:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-25 07:50 - 2014-07-25 07:50 - 00000687 _____ () C:\awh20F7.tmp

Some content of TEMP:
====================
C:\Users\Norman\AppData\Local\Temp\dlLogic.exe
C:\Users\Norman\AppData\Local\Temp\dltr.exe
C:\Users\Norman\AppData\Local\Temp\GCVerifier.dll
C:\Users\Norman\AppData\Local\Temp\Quarantine.exe
C:\Users\Norman\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 15:18

==================== End Of Log ============================
--- --- ---

--- --- ---


Wenn ich Chrome öffne, dann habe ich trotzdem gleich Werbung. Sonst scheint aber alles okay zu sein.

MfG, Robert

schrauber 24.08.2014 10:20
Java und ADobe updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Frisches FRST log bitte.

RNob 03.09.2014 10:17
Hallo Schrauber,

wie ist nun weiter zu verfahren?

MfG, Robert

schrauber 03.09.2014 20:49
meinen letzten Post gesehen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:50 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131