Trojaner-Board
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Langsame Downloadgeschwindigkeit bei einem Laptop bei 50MBit/s und LAN - Bluescreen (https://www.trojaner-board.de/165671-langsame-downloadgeschwindigkeit-laptop-50mbit-s-lan-bluescreen.html)

gerchla1 02.04.2015 11:47
Bin jetzt gerade dabei meine Sicherung wieder einzuspielen.
Muss ich die Schritte alle nochmal durchgehen mit den Logs?

cosinus 02.04.2015 12:31
Hängt davon was du alles genau gemacht. "Sicherung einspielen" kann alles mögliche sein, jeder versteht da was anderes drunter. Hast du leider nicht beschrieben was du genau gemacht hast. Ebenso fehlt immer noch ne klare Ansage ob du jetzt das gecrackte Office entfernt hast oder nicht.

gerchla1 02.04.2015 13:29
Gecrackte Version ist deinstalliert. Neu Version installiert und die Outlook Sicherung eingespielt.

cosinus 02.04.2015 13:48
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

gerchla1 02.04.2015 13:56
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MB (administrator) on MB-PC on 02-04-2015 14:52:45
Running from C:\Users\MB\Downloads
Loaded Profiles: MB (Available profiles: MB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pplinks.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\ppscanmg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-21] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-04] (AVAST Software)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6160152 2014-05-20] (Piriform Ltd)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M3C7F9957-B7F5-4DF2-AC95-E4D8FCD6477C&SearchSource=55&CUI=&UM=5&UP=SPCE6FD9A2-8FB2-4E0A-8789-0E768093C3E1&SSPV=
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=80f6a4bc00000000000090004e43e858
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb188/?search={searchTerms}&loc=IB_DS&a=6PQM1AkM6F&i=26
SearchScopes: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4112_7&babsrc=SP_clro&mntrId=80f6a4bc00000000000090004e43e858
SearchScopes: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb188/?search={searchTerms}&loc=IB_DS&a=6PQM1AkM6F&i=26
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-09-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-09-04] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default
FF NewTab: https://www.google.de/search?q=
FF SearchEngineOrder.1: Claro Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1125036280-3562319748-3601731155-1000: @citrixonline.com/appdetectorplugin -> C:\Users\MB\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-25] (Citrix Online)
FF user.js: detected! => C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\user.js [2012-10-08]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\MB\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-03-06] (Cisco WebEx LLC)
FF Extension: GraphOn GO-Global - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\Extensions\support@graphon.com [2014-11-24]
FF Extension: Onlinestarter - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\Extensions\webmaster@biss-net.com [2014-02-18]
FF Extension: FlashGot - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-07-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-11-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-10]

Chrome:
=======
CHR Profile: C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-05]
CHR Extension: (Google Search) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-05]
CHR Extension: (avast! WebRep) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-04-18]
CHR Extension: (Gmail) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-05]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-09-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-04] (AVAST Software)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2011-11-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PCSUService; C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe [235232 2011-11-07] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-04] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-01-29] (Windows (R) 2003 DDK 3790 provider)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 14:44 - 2015-04-02 14:44 - 00000165 ____H () C:\Users\MB\Desktop\~$Umsatzliste_Neu.xlsx
2015-04-02 13:19 - 2015-04-02 13:19 - 00000782 _____ () C:\Users\MB\Desktop\Fehlermeldung bei Rücksicherung_Outlook_02042015.txt
2015-04-02 12:19 - 2015-04-02 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-04-02 12:19 - 2015-04-02 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-04-02 12:17 - 2015-04-02 12:17 - 00000000 ____D () C:\windows\PCHEALTH
2015-04-02 12:17 - 2015-04-02 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-04-02 12:14 - 2015-04-02 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-04-02 12:11 - 2015-04-02 12:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-04-02 12:07 - 2015-04-02 12:07 - 00000000 __RHD () C:\MSOCache
2015-04-02 12:05 - 2013-02-16 11:52 - 00000000 ____D () C:\Program Files (x86)\Catalog
2015-04-02 12:05 - 2011-06-22 15:09 - 01100664 _____ (Microsoft Corporation) C:\Program Files (x86)\setup.exe
2015-04-02 12:05 - 2011-05-30 16:37 - 00002010 _____ () C:\Program Files (x86)\README.HTM
2015-04-02 12:04 - 2013-02-16 11:52 - 00000000 ____D () C:\Program Files (x86)\Updates
2015-04-02 12:04 - 2013-02-16 11:52 - 00000000 ____D () C:\Program Files (x86)\ProPlus.WW
2015-04-02 11:41 - 2015-04-02 11:49 - 00000000 ____D () C:\Users\MB\AppData\Roaming\Wise Registry Cleaner
2015-04-02 11:41 - 2015-04-02 11:41 - 00001231 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-04-02 11:41 - 2015-04-02 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-04-02 11:41 - 2015-04-02 11:41 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-04-02 11:40 - 2015-04-02 11:40 - 01203488 _____ () C:\Users\MB\Downloads\Wise Registry Cleaner - CHIP-Installer.exe
2015-04-02 10:32 - 2015-04-02 11:31 - 00000004 _____ () C:\ScrubRetValFile.txt
2015-04-02 10:28 - 2015-04-02 10:28 - 01184256 _____ () C:\Users\MB\Downloads\MicrosoftFixit50450.msi
2015-04-01 18:54 - 2015-04-01 18:54 - 00000000 ____D () C:\Users\MB\Documents\Backups
2015-04-01 18:52 - 2015-04-01 18:52 - 00001193 _____ () C:\Users\MB\Desktop\Outlook Backup Assistant.lnk
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\Users\MB\Downloads\Outlook Backup Assistant 7 (de)
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\Users\MB\Documents\Add-in Express
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priotecs Software
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\Program Files (x86)\Outlook Backup Assistant
2015-04-01 18:50 - 2015-04-01 18:50 - 02697695 _____ () C:\Users\MB\Downloads\Outlook Backup Assistant 7 (de).zip
2015-04-01 18:35 - 2015-04-01 18:35 - 00068541 _____ () C:\Users\MB\Downloads\mailpv_1.83.zip
2015-04-01 18:33 - 2015-04-01 18:33 - 01203488 _____ () C:\Users\MB\Downloads\Mail PassView - CHIP-Installer.exe
2015-03-31 15:04 - 2015-03-31 15:04 - 00000000 ____D () C:\Users\MB\Desktop\Aufräumen PC
2015-03-31 13:22 - 2015-03-31 13:23 - 00045531 _____ () C:\Users\MB\Downloads\Addition.txt
2015-03-31 13:14 - 2015-03-31 13:14 - 00000000 _____ () C:\Users\MB\defogger_reenable
2015-03-31 13:13 - 2015-03-31 13:13 - 00000238 _____ () C:\Users\MB\Downloads\defogger_enable.log
2015-03-31 13:02 - 2015-03-31 13:14 - 00000466 _____ () C:\Users\MB\Downloads\defogger_disable.log
2015-03-31 13:01 - 2015-03-31 13:01 - 00050477 _____ () C:\Users\MB\Downloads\Defogger.exe
2015-03-31 12:06 - 2015-04-02 14:53 - 00030408 _____ () C:\Users\MB\Downloads\FRST.txt
2015-03-31 12:05 - 2015-04-02 14:52 - 00000000 ____D () C:\FRST
2015-03-31 12:05 - 2015-03-31 12:05 - 02095616 _____ (Farbar) C:\Users\MB\Downloads\FRST64.exe
2015-03-30 15:58 - 2015-04-02 13:13 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 15:58 - 2015-03-30 15:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 15:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-30 15:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-25 09:41 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-25 09:41 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-25 09:41 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-25 09:41 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-25 09:41 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-25 09:41 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-25 09:41 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-25 09:41 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-24 11:53 - 2015-03-24 11:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-24 11:40 - 2015-03-24 11:40 - 00000000 ____D () C:\ProgramData\VHV
2015-03-23 09:29 - 2015-03-23 09:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 08:41 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 08:41 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-11 08:41 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 08:41 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 08:41 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 08:41 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 08:41 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 08:41 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 08:41 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 08:41 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 08:41 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 08:41 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 08:41 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 08:41 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 08:41 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 08:41 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 08:41 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 08:41 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 08:41 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 08:41 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 08:41 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 08:41 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 08:41 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 08:41 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:41 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 08:41 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 08:41 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:41 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 08:41 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 08:41 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-11 08:41 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:41 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:41 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 08:41 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 08:41 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 08:41 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-11 08:41 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 08:41 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-11 08:41 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 08:41 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 08:41 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 08:41 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 08:41 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 08:41 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 08:41 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:41 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-11 08:41 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 08:41 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 08:41 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 08:41 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 08:41 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:41 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 08:41 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 08:41 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 08:41 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 08:41 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-11 08:38 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 08:38 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 08:38 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 08:38 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 08:38 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 08:38 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 08:38 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 08:38 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 08:38 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 08:38 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 08:38 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 08:38 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 08:38 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 08:38 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 08:38 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 08:38 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:37 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 08:37 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 08:37 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 08:37 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 08:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 08:37 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 08:37 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 08:37 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 08:37 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 08:37 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:37 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:37 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 08:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 08:37 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 08:37 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 08:37 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 08:37 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 08:37 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-11 08:37 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 08:37 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 08:37 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-11 08:37 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-11 08:34 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:34 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 08:34 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 08:34 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 08:34 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 08:34 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 08:34 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 08:34 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 08:34 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 08:34 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 08:34 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 08:34 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 08:34 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 08:34 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 08:34 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 08:34 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 08:34 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 08:34 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 08:33 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 08:33 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 08:33 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:33 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 08:33 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 08:28 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 08:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-10 18:27 - 2015-03-10 18:27 - 00002948 _____ () C:\windows\System32\Tasks\{36E0ECA6-F4C7-40C1-B0A8-C7B4A09D22BC}
2015-03-10 18:12 - 2015-03-10 18:14 - 05532511 _____ (Adobe Systems, Inc.) C:\Users\MB\Downloads\Vista_Win7_Manual_ger.exe
2015-03-09 20:11 - 2015-03-09 20:11 - 00000000 _____ () C:\windows\SysWOW64\sho7760.tmp
2015-03-09 07:51 - 2015-01-09 01:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-03-09 07:51 - 2015-01-09 01:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-03-07 12:14 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-07 12:14 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-07 12:14 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-07 12:14 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 14:51 - 2013-11-05 16:35 - 00000428 _____ () C:\windows\Tasks\FaxArchive_CN389D3HW605KC.job
2015-04-02 14:43 - 2010-10-25 08:30 - 00000000 ____D () C:\ProgramData\Temp
2015-04-02 14:35 - 2012-06-20 10:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 14:33 - 2014-04-09 08:53 - 00000544 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000.job
2015-04-02 14:22 - 2010-10-26 00:56 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-04-02 14:22 - 2010-10-26 00:56 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-04-02 14:22 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-02 14:14 - 2011-10-21 14:35 - 00000000 ____D () C:\Users\MB\Documents\Outlook-Dateien
2015-04-02 13:55 - 2012-04-05 13:09 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 13:25 - 2015-02-01 14:38 - 01184434 _____ () C:\windows\WindowsUpdate.log
2015-04-02 13:14 - 2011-10-03 23:11 - 00131552 _____ () C:\Users\MB\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-02 12:40 - 2011-10-21 13:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 12:33 - 2009-07-14 04:34 - 00000510 _____ () C:\windows\win.ini
2015-04-02 12:18 - 2010-10-26 00:49 - 00000000 ____D () C:\windows\ShellNew
2015-04-02 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-02 12:17 - 2010-10-25 09:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-02 12:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-02 12:01 - 2009-07-14 06:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 12:01 - 2009-07-14 06:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 11:53 - 2011-09-08 21:26 - 00000000 ____D () C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-04-02 11:51 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-02 11:51 - 2009-07-14 06:45 - 00402592 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-02 09:11 - 2012-07-11 15:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-04-01 15:09 - 2014-04-09 08:53 - 00003558 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000
2015-03-31 14:13 - 2014-09-17 13:24 - 00000000 ____D () C:\windows\Minidump
2015-03-31 13:14 - 2011-09-08 21:26 - 00000000 ____D () C:\Users\MB
2015-03-30 20:28 - 2014-09-18 20:50 - 00000000 ____D () C:\Users\MB\Downloads\mailpv182
2015-03-30 20:28 - 2014-09-18 20:49 - 00014243 _____ () C:\Users\MB\Downloads\mailpv182.zip
2015-03-30 15:58 - 2012-04-03 14:57 - 00000000 ____D () C:\Users\MB\AppData\Roaming\Malwarebytes
2015-03-30 15:58 - 2012-04-03 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-30 15:58 - 2012-04-03 14:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-03-30 09:18 - 2013-10-19 10:53 - 00000000 ____D () C:\Users\MB\AppData\Roaming\HpUpdate
2015-03-27 10:02 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-27 09:41 - 2014-12-11 04:39 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-27 09:41 - 2014-05-07 19:39 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-25 09:22 - 2012-05-22 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-24 20:44 - 2012-09-23 10:12 - 00000000 ___RD () C:\Ablage_LZK_NEU
2015-03-24 11:54 - 2012-04-27 11:05 - 00017544 _____ () C:\windows\VFrame32.INI
2015-03-24 11:54 - 2010-10-25 08:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-24 11:51 - 2012-04-27 11:07 - 00001310 _____ () C:\windows\CAF.ini
2015-03-24 11:51 - 2012-04-27 11:07 - 00001066 _____ () C:\windows\DOCS.ini
2015-03-24 11:51 - 2012-04-27 11:06 - 00001869 _____ () C:\Users\Public\Desktop\VHV-Tarife.lnk
2015-03-23 09:15 - 2014-06-12 09:55 - 00000000 ____D () C:\Users\MB\AppData\Local\Adobe
2015-03-23 09:13 - 2012-06-20 10:04 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 09:13 - 2012-06-20 10:04 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 09:13 - 2012-06-20 10:04 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-20 18:08 - 2014-11-13 17:56 - 04433848 _____ () C:\Users\MB\Desktop\Umsatzliste_Neu.xlsx
2015-03-12 13:34 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-03-12 10:24 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-12 10:24 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-12 09:55 - 2013-08-16 09:58 - 00000000 ____D () C:\windows\system32\MRT
2015-03-12 09:47 - 2012-02-16 16:04 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-09 20:11 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2015-03-09 18:37 - 2015-01-29 09:32 - 00000042 _____ () C:\Users\MB\pdfprint.dat

==================== Files in the root of some directories =======

2015-04-02 12:05 - 2011-04-01 02:02 - 0000175 _____ () C:\Program Files (x86)\autorun.inf
2015-04-02 12:05 - 2011-05-30 16:37 - 0002010 _____ () C:\Program Files (x86)\README.HTM
2015-04-02 12:05 - 2011-06-22 15:09 - 1100664 _____ (Microsoft Corporation) C:\Program Files (x86)\setup.exe
2013-11-10 14:10 - 2014-09-23 11:59 - 0007621 _____ () C:\Users\MB\AppData\Local\Resmon.ResmonCfg
2013-10-19 10:50 - 2013-10-19 10:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-04-23 10:27 - 2012-04-23 10:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-09-08 21:27 - 2010-01-16 07:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2012-07-09 12:54 - 2012-07-09 12:58 - 4503728 ____T () C:\ProgramData\go_0molg.pad
2010-10-25 08:36 - 2010-10-25 08:36 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-10-25 08:34 - 2010-10-25 08:35 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-10-25 08:30 - 2010-10-25 08:31 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-25 08:35 - 2010-10-25 08:36 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-10-25 08:30 - 2010-10-25 08:30 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-25 08:31 - 2010-10-25 08:34 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\ProgramData\go_0molg.pad
C:\Users\MB\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\MB\pdfprint.dat


Some content of TEMP:
====================
C:\Users\MB\AppData\Local\Temp\ose00000.exe
C:\Users\MB\AppData\Local\Temp\proxy_vole6356787342494726840.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 11:18

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MB at 2015-04-02 14:54:12
Running from C:\Users\MB\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Conference (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Data Conference) (Version:  - Online-Presentation)
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version:  - Oberon Media)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Pack (HKLM-x32\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)
Gem Shop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}) (Version:  - Oberon Media)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.6.2492 (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\GoToMeeting) (Version: 7.1.6.2492 - CitrixOnline)
Greenfish Icon Editor Pro 3.25 (HKLM-x32\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
HanseMerkur-Tarife (HKLM-x32\...\HanseMerkur-Tarife) (Version:  - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Insaniquarium Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version:  - Oberon Media)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
klickTel Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 (HKLM-x32\...\{37C4B4B7-8F71-4DC1-8161-89E9998E6CB1}) (Version: 1.00.0000 - telegate MEDIA AG)
KV-Berater (HKLM-x32\...\KV-Berater) (Version:  - )
KV-Netto-Rechner (HKLM-x32\...\{061E1685-0345-40E2-B8DE-4D1830255AAA}_is1) (Version: 11.2 - Software für Vorsorge und Finanzplanung GmbH & Co. KG)
Levelnine 1.1.0 (HKLM-x32\...\0729-7432-3431-3138) (Version: 1.1.0 - ObjectiveIT Insure Limited)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (HKLM-x32\...\{FA440BE8-EC2F-4478-A01A-077DA0606501}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 (Deutsch) (HKLM\...\{77CB2F9F-67C5-4ADA-9321-B30C9C64727E}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (HKLM-x32\...\{C8320AEC-2E97-4C78-81EC-43CF6D248B01}) (Version: 1.00.0000 -  )
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\MyFreeCodec) (Version:  - )
Nuance PaperPort 14 (HKLM-x32\...\{960CE333-260D-4887-9785-57E2EEFA287D}) (Version: 14.0.0001 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Outlook Backup Assistant 7 (Vollversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7 - Priotecs IT GmbH)
PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop (HKLM\...\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}) (Version: 1.1.4241.14593 - OfficeDrop)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PC Beschleunigen - Vollständige Deinstallation (HKLM\...\PCSU-SL_is1) (Version: 2.3.18 - Speedchecker Limited) <==== ATTENTION
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Self-Service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}) (Version:  - Oberon Media)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.22.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Update PKV Premium Selection-Programm von Version 4.84 auf 4.86 (HKLM-x32\...\{389E5419-8E6A-4C03-B967-3CC3CFE9D3B1}_is1) (Version:  - Volz-ITSC Software GmbH)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VHV-Tarifprogramm (HKLM-x32\...\{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}) (Version: 61.0.25 - VHV Allgemeine Versicherung AG)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wise Registry Cleaner 8.42 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.42 - WiseCleaner.com, Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\MB\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

02-04-2015 10:29:00 Installed Microsoft Fix it 50450
02-04-2015 11:21:29 Installed Microsoft Fix it 50450
02-04-2015 11:22:37 Installed Microsoft Fix it 50450
02-04-2015 11:32:54 Microsoft Office 2010 wird entfernt
02-04-2015 12:06:58 Installed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04593281-20AC-446B-A05E-4263A4D724BF} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {068FA5AF-583F-46C9-8B75-713F882BAB11} - System32\Tasks\{05BC2901-82E2-4D8A-AEF6-3E95994ABBD0} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
Task: {1737B306-8AAB-4CA1-9AB2-2A6D6419D08D} - System32\Tasks\{874ACF21-2C2D-4E37-BF06-26614309F7CA} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-09-04] (AVAST Software)
Task: {2741EE23-61F1-4CB6-8B87-3CE06D53F520} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {27EBBAA0-88EC-40D2-AFD2-E491D6403A59} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {324005B9-4502-4598-A495-63C6010697B6} - System32\Tasks\FaxArchive_CN389D3HW605KC => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3ADE3B0B-E4A4-4403-9B65-8D1CA17A7EEB} - System32\Tasks\{61F05832-34C4-4C56-8619-7213574DFD6F} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-09-04] (AVAST Software)
Task: {49D39CF0-6311-41B6-AAC9-C62C80243113} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {6BA59962-0CE5-47B0-8C75-4194D0CD88B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {75B6CC5D-120A-4799-ABAC-91FA2120D47A} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {776FD23E-5564-440A-A693-9DA1AAE6EDD6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {80D2BC0A-64FB-4D84-AF8F-C9518F728A86} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-04] (AVAST Software)
Task: {817E22D6-91A2-48A6-A33D-3BE7002DD58B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {89AC4A15-50F2-4441-A706-5DEEEB8891ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {AF3D31DF-B0C8-4D3B-AC04-CBD00E1B5A2A} - System32\Tasks\{05D076A2-804C-479F-83CA-BEA9E75D5349} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2013-12-11] (pdfforge  GmbH)
Task: {B2C5DD05-1CA0-4E79-B74C-BC8FB854D8B9} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {B809A65B-CCEC-4FDC-B703-B6901AE482BC} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {BFB28C00-EDAE-43BD-8148-992216379201} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C0720FF8-3046-4D5F-A83A-32B1442BE902} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {C45D894C-EE6A-4AF7-BA6A-5B41CBA0CFCA} - System32\Tasks\hpUrlLauncher.exe_{920A7DED-DE0D-437D-84E2-0F65A52AF8CE} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DBBBD5F9-7B8E-4FBB-B58F-9A231F09B445} - System32\Tasks\{36E0ECA6-F4C7-40C1-B0A8-C7B4A09D22BC} => C:\Users\MB\Downloads\Vista_Win7_Manual_ger.exe [2015-03-10] (Adobe Systems, Inc.)
Task: {E33816D6-F95B-4969-B5BB-919E7BAF6325} - System32\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000 => C:\Users\MB\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe [2015-04-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E508715C-2E27-4A68-8AE4-38729347E30F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-23] (Adobe Systems Incorporated)
Task: {E9ECBFD0-FE01-444A-88C1-6FF1A0F9765C} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {FA4E614A-1860-4262-B7C4-A4ADB667107F} - System32\Tasks\{18F829BC-9C3C-4002-B13B-6DC46E685F0C} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2013-12-11] (pdfforge  GmbH)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FaxArchive_CN389D3HW605KC.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000.job => C:\Users\MB\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-02-13 18:51 - 2011-11-07 10:13 - 00235232 _____ () C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
2011-10-18 09:19 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2010-10-25 08:27 - 2009-03-05 11:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe
2010-10-25 08:33 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-16 11:45 - 2011-02-28 09:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-02-13 18:51 - 2011-07-27 09:57 - 00562072 _____ () C:\Program Files (x86)\PC Beschleunigen\sqlite3.dll
2014-09-04 09:41 - 2014-09-04 09:41 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-04-02 09:08 - 2015-04-02 09:08 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040102\algo.dll
2010-10-25 08:37 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-04 09:41 - 2014-09-04 09:41 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-12-12 14:31 - 2012-12-12 14:31 - 00012336 _____ () C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-08-01 11:01 - 2007-04-17 12:59 - 00827904 _____ () C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013\ktoutlka.dll
2013-08-01 11:01 - 2012-10-11 18:21 - 07790592 _____ () C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013\ktaddin.dll
2013-08-01 10:19 - 1999-03-02 09:12 - 00372736 _____ () C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013\ksdb32.dll
2015-04-01 18:52 - 2011-12-07 09:11 - 00472984 _____ () C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader.dll
2015-04-02 10:18 - 2015-04-02 10:18 - 00347544 _____ () C:\Users\MB\AppData\Local\assembly\dl3\8GBN0VDZ.LC6\5JBC0H2T.661\ee44cfe7\006d395e_afb4cc01\OBAOutlookAddIn.DLL
2015-04-02 10:18 - 2015-04-02 10:18 - 00292760 _____ () C:\Users\MB\AppData\Local\assembly\dl3\8GBN0VDZ.LC6\5JBC0H2T.661\7d126f35\00a89166_afb4cc01\OBAOutlookAddIn.resources.DLL
2015-04-02 10:18 - 2015-04-02 10:18 - 00292760 _____ () C:\Users\MB\AppData\Local\assembly\dl3\8GBN0VDZ.LC6\5JBC0H2T.661\32dd9b4b\004e2f64_afb4cc01\Interop.Outlook.DLL
2014-05-08 15:49 - 2014-05-08 15:49 - 00131072 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOutlookAddin.DEU
2014-05-08 15:49 - 2014-05-08 15:49 - 03989888 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2014-05-08 15:49 - 2014-05-08 15:49 - 01446912 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-04-02 10:19 - 2015-04-02 10:19 - 00124824 _____ () C:\Users\MB\AppData\Local\assembly\dl3\8GBN0VDZ.LC6\5JBC0H2T.661\4a82e390\00c79b60_afb4cc01\PTControls.DLL
2015-04-02 10:19 - 2015-04-02 10:19 - 00031128 _____ () C:\Users\MB\AppData\Local\assembly\dl3\8GBN0VDZ.LC6\5JBC0H2T.661\e3d52af7\009a6a5f_afb4cc01\PTCommons.DLL
2014-05-08 15:49 - 2014-05-08 15:49 - 00133120 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU
2011-02-18 10:04 - 2011-02-18 10:04 - 00196448 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-23 09:13 - 2015-03-23 09:13 - 16858288 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll
2011-08-13 14:27 - 2011-08-13 14:27 - 00028672 _____ () C:\Program Files (x86)\Nuance\PaperPort\OfficeDropGate.dll
2011-08-13 14:12 - 2011-08-13 14:12 - 00559244 ____R () C:\Program Files (x86)\Nuance\PaperPort\sqlite3.dll
2011-08-13 14:27 - 2011-08-13 14:27 - 00535040 _____ () C:\Program Files (x86)\Nuance\PaperPort\EvernoteLink.g32
2011-08-13 14:29 - 2011-08-13 14:29 - 00045056 _____ () C:\Program Files (x86)\Nuance\PaperPort\SSOCRF.o32
2013-08-01 11:01 - 2007-07-11 07:31 - 05373715 _____ () C:\Program Files (x86)\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013\ktexcela.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^MB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Inversmonitor.lnk => C:\windows\pss\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Inversmonitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Schnellstarter.lnk => C:\windows\pss\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Schnellstarter.lnk.Startup

==================== Accounts: =============================

Administrator (S-1-5-21-1125036280-3562319748-3601731155-500 - Administrator - Disabled)
Gast (S-1-5-21-1125036280-3562319748-3601731155-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125036280-3562319748-3601731155-1002 - Limited - Enabled)
MB (S-1-5-21-1125036280-3562319748-3601731155-1000 - Administrator - Enabled) => C:\Users\MB

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 01:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6131.5000, Zeitstempel: 0x509b1020
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x191c
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (04/02/2015 00:38:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper, Version: 14.0.6010.1000, Zeitstempel: 0x4cc9a3bd
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003bc21
ID des fehlerhaften Prozesses: 0x1100
Startzeit der fehlerhaften Anwendung: 0xSetup.exe_Microsoft Setup Bootstrapper0
Pfad der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper1
Pfad des fehlerhaften Moduls: Setup.exe_Microsoft Setup Bootstrapper2
Berichtskennung: Setup.exe_Microsoft Setup Bootstrapper3

Error: (04/02/2015 00:37:58 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Excel: Accepted Safe Mode action : Excel konnte zuletzt nicht korrekt gestartet werden. Das Starten von Excel im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Excel im abgesicherten Modus starten?.
Accepted Safe Mode action : Microsoft Excel.

Error: (04/02/2015 00:15:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)

Error: (04/02/2015 00:15:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2350} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftvol.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftredir.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftplay.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftfs.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/02/2015 11:22:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftvol.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (04/02/2015 11:42:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (04/02/2015 09:05:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/02/2015 09:05:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (04/02/2015 09:05:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (04/02/2015 01:27:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (04/01/2015 01:32:41 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{0b2ca6ae-e085-11df-95d4-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D47A80EB-40A5-4AC4-BFA3-99FE3BE53F9D}

Error: (03/31/2015 02:07:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (03/31/2015 02:06:59 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80036efb50, 0xfffff80000b9a510)C:\windows\MEMORY.DMP033115-23914-01

Error: (03/31/2015 00:52:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (03/31/2015 00:51:46 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x0000000080000004, 0xfffff8000447ee6b, 0xfffff880057e5f10, 0x0000000000000000)C:\windows\MEMORY.DMP033115-30560-01


Microsoft Office Sessions:
=========================
Error: (04/02/2015 01:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.6131.5000509b1020ntdll.dll6.1.7601.18247521ea8e7c000000500038e19191c01d06d3617f59380C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\windows\SysWOW64\ntdll.dlle7b135a2-d92a-11e4-8d0f-e811321c113c

Error: (04/02/2015 00:38:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Setup.exe_Microsoft Setup Bootstrapper14.0.6010.10004cc9a3bdole32.dll6.1.7601.175144ce7b96fc00000050003bc21110001d06d311d09b8c1C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exeC:\windows\syswow64\ole32.dll5ec9ef03-d924-11e4-8d0f-e811321c113c

Error: (04/02/2015 00:37:58 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft ExcelExcel konnte zuletzt nicht korrekt gestartet werden. Das Starten von Excel im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Excel im abgesicherten Modus starten?

Error: (04/02/2015 00:15:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (04/02/2015 00:15:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)
2350

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftvol.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftredir.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftplay.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (04/02/2015 11:32:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftfs.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (04/02/2015 11:22:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Sftvol.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2012-04-05 15:33:25.856
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:33:25.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:33:25.638
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:33:25.435
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:33:25.326
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:33:25.217
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:17:02.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:17:02.793
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:17:02.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-04-05 15:17:02.479
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 71%
Total physical RAM: 3956.55 MB
Available physical RAM: 1132.04 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 4487.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:24.94 GB) NTFS
Drive d: () (Fixed) (Total:266.66 GB) (Free:266.23 GB) NTFS
Drive h: (VERBATIM HD) (Fixed) (Total:931.51 GB) (Free:868.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5C718880)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=266.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EE7A7A06)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 02.04.2015 14:04
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

gerchla1 02.04.2015 14:37
Code:
ComboFix 15-04-01.01 - MB 02.04.2015  15:10:54.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3957.1290 [GMT 2:00]
ausgeführt von:: C:\Users\MB\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\go_0molg.pad
C:\Users\MB\AppData\Local\assembly\tmp
C:\Users\MB\g2ax_customer_downloadhelper_win32_x86.exe
C:\windows\IsUn0407.exe
H:\autorun.inf


(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCSUService


(((((((((((((((((((((((  Dateien erstellt von 2015-03-02 bis 2015-04-02  ))))))))))))))))))))))))))))))


2015-04-02 13:20:18 . 2015-04-02 13:20:18        --------        d-----w-        C:\Users\Default\AppData\Local\temp
2015-04-02 10:17:02 . 2015-04-02 10:17:02        --------        d-----w-        C:\windows\PCHEALTH
2015-04-02 10:17:02 . 2015-04-02 10:17:02        --------        d-----w-        C:\Program Files (x86)\Microsoft Sync Framework
2015-04-02 10:14:19 . 2015-04-02 10:14:21        --------        d-----w-        C:\Program Files (x86)\Microsoft Visual Studio 8
2015-04-02 10:11:31 . 2015-04-02 10:11:31        --------        d-----w-        C:\Program Files (x86)\Microsoft Analysis Services
2015-04-02 10:07:59 . 2015-04-02 10:07:59        --------        d-----r-        C:\MSOCache
2015-04-02 10:06:02 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Groove.de-de
2015-04-02 10:05:57 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Excel.de-de
2015-04-02 10:05:57 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Catalog
2015-04-02 10:05:50 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Access.de-de
2015-04-02 10:05:49 . 2011-06-22 13:09:34        1100664        ----a-w-        C:\Program Files (x86)\setup.exe
2015-04-02 10:05:34 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Word.de-de
2015-04-02 10:04:56 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Updates
2015-04-02 10:04:56 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Rosebud.de-de
2015-04-02 10:04:56 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Publisher.de-de
2015-04-02 10:04:39 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\ProPlus.WW
2015-04-02 10:04:37 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Proofing.de-de
2015-04-02 10:04:35 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\PowerPoint.de-de
2015-04-02 10:04:35 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Outlook.de-de
2015-04-02 10:04:35 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\OneNote.de-de
2015-04-02 10:04:34 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Office64.de-de
2015-04-02 10:04:32 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Office.de-de
2015-04-02 10:04:31 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\InfoPath.de-de
2015-04-02 09:41:58 . 2015-04-02 09:49:57        --------        d-----w-        C:\Users\MB\AppData\Roaming\Wise Registry Cleaner
2015-04-02 09:41:12 . 2015-04-02 09:41:12        --------        d-----w-        C:\Program Files (x86)\Wise
2015-04-02 08:18:19 . 2015-04-02 13:19:40        --------        d-----w-        C:\Users\MB\AppData\Local\assembly
2015-04-01 16:52:53 . 2015-04-01 16:52:55        --------        d-----w-        C:\Program Files (x86)\Outlook Backup Assistant
2015-03-31 10:05:59 . 2015-04-02 12:55:15        --------        d-----w-        C:\FRST
2015-03-31 06:42:14 . 2015-03-14 10:02:13        12002392        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CAE68E1B-73B4-4774-94D5-3E3D94B79DB8}\mpengine.dll
2015-03-30 13:58:26 . 2015-04-02 13:23:01        129752        ----a-w-        C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-30 13:58:06 . 2015-03-30 13:58:10        --------        d-----w-        C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 13:58:06 . 2014-11-21 04:14:22        63704        ----a-w-        C:\windows\system32\drivers\mwac.sys
2015-03-30 13:58:06 . 2014-11-21 04:14:12        93400        ----a-w-        C:\windows\system32\drivers\mbamchameleon.sys
2015-03-25 07:41:48 . 2015-03-11 04:06:00        943616        ----a-w-        C:\windows\system32\appraiser.dll
2015-03-25 07:41:48 . 2015-03-11 04:05:59        30720        ----a-w-        C:\windows\system32\acmigration.dll
2015-03-25 07:41:47 . 2015-03-11 04:06:14        677888        ----a-w-        C:\windows\system32\generaltel.dll
2015-03-25 07:41:47 . 2015-03-11 04:06:05        760832        ----a-w-        C:\windows\system32\invagent.dll
2015-03-25 07:41:47 . 2015-03-11 04:06:02        414720        ----a-w-        C:\windows\system32\devinv.dll
2015-03-25 07:41:47 . 2015-03-11 04:05:59        227328        ----a-w-        C:\windows\system32\aepdu.dll
2015-03-25 07:41:47 . 2015-03-11 04:05:59        192000        ----a-w-        C:\windows\system32\aepic.dll
2015-03-25 07:41:47 . 2015-03-11 04:02:07        1107456        ----a-w-        C:\windows\system32\aeinv.dll
2015-03-24 09:53:31 . 2015-03-24 09:53:35        --------        d-----w-        C:\ProgramData\Package Cache
2015-03-24 09:40:40 . 2015-03-24 09:40:40        --------        d-----w-        C:\ProgramData\VHV
2015-03-11 06:38:15 . 2015-02-20 04:41:01        41984        ----a-w-        C:\windows\system32\lpk.dll
2015-03-11 06:37:59 . 2015-02-03 03:30:58        631808        ----a-w-        C:\windows\system32\evr.dll
2015-03-11 06:34:24 . 2015-02-13 05:22:33        14177280        ----a-w-        C:\windows\system32\shell32.dll
2015-03-11 06:33:52 . 2015-01-17 02:48:38        1067520        ----a-w-        C:\windows\system32\msctf.dll
2015-03-11 06:33:52 . 2015-01-17 02:30:42        828928        ----a-w-        C:\windows\SysWow64\msctf.dll
2015-03-11 06:33:51 . 2015-02-03 03:31:16        1424896        ----a-w-        C:\windows\system32\WindowsCodecs.dll
2015-03-11 06:33:50 . 2015-02-03 03:12:42        1230848        ----a-w-        C:\windows\SysWow64\WindowsCodecs.dll
2015-03-11 06:33:46 . 2015-02-26 03:25:44        3204096        ----a-w-        C:\windows\system32\win32k.sys
2015-03-11 06:28:46 . 2015-02-04 03:16:35        465920        ----a-w-        C:\windows\system32\WMPhoto.dll
2015-03-11 06:28:43 . 2015-02-04 02:54:09        417792        ----a-w-        C:\windows\SysWow64\WMPhoto.dll
2015-03-09 18:11:54 . 2015-03-09 18:11:54        0        ----a-w-        C:\windows\SysWow64\sho7760.tmp
2015-03-07 10:14:59 . 2015-01-09 03:14:19        29696        ----a-w-        C:\windows\system32\powertracker.dll
2015-03-07 10:14:58 . 2015-01-09 03:14:27        91136        ----a-w-        C:\windows\system32\wdi.dll
2015-03-07 10:14:58 . 2015-01-09 03:14:19        950272        ----a-w-        C:\windows\system32\perftrack.dll
2015-03-07 10:14:58 . 2015-01-09 02:48:18        76800        ----a-w-        C:\windows\SysWow64\wdi.dll
.


((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-03-23 07:13:18 . 2012-06-20 08:04:59        778928        ----a-w-        C:\windows\SysWow64\FlashPlayerApp.exe
2015-03-23 07:13:18 . 2012-06-20 08:04:59        142512        ----a-w-        C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 07:47:23 . 2012-02-16 14:04:32        122905848        ----a-w-        C:\windows\system32\MRT.exe
2015-02-24 03:17:24 . 2011-11-16 08:30:24        295552        ------w-        C:\windows\system32\MpSigStub.exe
2015-02-17 14:26:28 . 2015-02-17 14:26:28        1217184        ----a-w-        C:\windows\SysWow64\FM20.DLL
2015-02-05 17:35:34 . 2015-02-05 17:35:34        5070512        ----a-w-        C:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-27 23:36:21 . 2015-02-11 08:18:42        1239720        ----a-w-        C:\windows\system32\aitstatic.exe
2015-01-24 11:12:34 . 2015-01-24 11:12:34        0        ----a-w-        C:\windows\SysWow64\sho8EFE.tmp


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 12:40:26 324976]
"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe" [2014-05-20 13:29:14 6160152]
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe" [2014-09-12 09:44:20 759712]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe" [2014-07-25 08:42:20 1562264]
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 02:29:50 2573416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 13:16:16 222504]
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 11:59:02 103720]
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 13:16:16 222504]
"UpdatePDRShortCut"="C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 02:02:26 222504]
"RemoteControl8"="C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 14:52:06 91432]
"PDVD8LanguageShortcut"="C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 14:54:44 50472]
"UpdatePPShortCut"="C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 13:15:16 218408]
"UpdatePSTShortCut"="C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 02:39:00 210216]
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 20:16:16 222504]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 12:40:26 324976]
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 12:51:24 30568]
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 12:48:54 46952]
"PPort14reminder"="C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 11:40:16 333088]
"PDFProHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe" [2011-07-01 00:07:24 607592]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" [2014-09-04 07:41:37 4085896]
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 13:24:56 383544]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 10:29:36 256896]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 12:50:10 96056]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 09:43:38 3499920]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 08:42:26 311616]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]

C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk - C:\windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN389D3HW605KC;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;C:\windows\system32\srvany.exe;C:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys;C:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\system32\IEEtwCollector.exe;C:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\system32\drivers\mwac.sys;C:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys;C:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys;C:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;C:\windows\system32\DRIVERS\usb80236.sys;C:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys;C:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys;C:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys;C:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\system32\Drivers\SABI.sys;C:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aswHwid;avast! HardwareID;C:\windows\system32\drivers\aswHwid.sys;C:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys;C:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;C:\windows\system32\drivers\aswStm.sys;C:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Rezip;Rezip;C:\windows\SysWOW64\Rezip.exe;C:\windows\SysWOW64\Rezip.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys;C:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);C:\windows\system32\DRIVERS\dc3d.sys;C:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys;C:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;C:\windows\system32\drivers\mbam.sys;C:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\system32\drivers\MBAMSwissArmy.sys;C:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys;C:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL

Inhalt des "geplante Tasks" Ordners

2015-04-02 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 08:04:59 . 2015-03-23 07:13:18]

2015-04-02 C:\windows\Tasks\FaxArchive_CN389D3HW605KC.job
- C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17 02:34:50 . 2012-10-17 02:34:50]

2015-04-02 C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000.job
- C:\Users\MB\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe [2015-04-01 13:09:29 . 2015-04-01 13:09:27]

2015-02-04 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05 11:09:03 . 2014-10-22 16:37:48]

2015-04-02 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05 11:09:03 . 2014-10-22 16:37:48]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-04 07:41:12        634872        ----a-w-        C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 02:46:28 9644576]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2010-02-09 22:21:00 16413288]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 01:33:26 168960]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 14:40:58 1873256]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 19:38:18 558496]

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M3C7F9957-B7F5-4DF2-AC95-E4D8FCD6477C&SearchSource=55&CUI=&UM=5&UP=SPCE6FD9A2-8FB2-4E0A-8789-0E768093C3E1&SSPV=
mLocal Page =
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Mit PDF Viewer 7 öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.claro.id - 80f6a4bc00000000000090004e43e858
FF - user.js: extensions.claro.instlDay - 15621
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.117:57:01
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQM1AkM6F&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 80f6a4bc00000000000090004e43e858
FF - user.js: extensions.incredibar_i.instlDay - 15621
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:33:36
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQM1AkM6F
FF - user.js: extensions.incredibar_i.upn2n - 92543716486274269
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 7777720

- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
Toolbar-{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-KV-Berater - C:\WINDOWS\ISUN0407.EXE
AddRemove-Data Conference - C:\windows\system32\javaws.exe

cosinus 02.04.2015 14:41
Log vollständig? Sieht nicht danach aus :wtf:

gerchla1 02.04.2015 14:44
Das ist die kpl. Datei:

Code:
ComboFix 15-04-01.01 - MB 02.04.2015  15:10:54.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3957.1290 [GMT 2:00]
ausgeführt von:: C:\Users\MB\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\go_0molg.pad
C:\Users\MB\AppData\Local\assembly\tmp
C:\Users\MB\g2ax_customer_downloadhelper_win32_x86.exe
C:\windows\IsUn0407.exe
H:\autorun.inf


(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCSUService


(((((((((((((((((((((((  Dateien erstellt von 2015-03-02 bis 2015-04-02  ))))))))))))))))))))))))))))))


2015-04-02 13:20:18 . 2015-04-02 13:20:18        --------        d-----w-        C:\Users\Default\AppData\Local\temp
2015-04-02 10:17:02 . 2015-04-02 10:17:02        --------        d-----w-        C:\windows\PCHEALTH
2015-04-02 10:17:02 . 2015-04-02 10:17:02        --------        d-----w-        C:\Program Files (x86)\Microsoft Sync Framework
2015-04-02 10:14:19 . 2015-04-02 10:14:21        --------        d-----w-        C:\Program Files (x86)\Microsoft Visual Studio 8
2015-04-02 10:11:31 . 2015-04-02 10:11:31        --------        d-----w-        C:\Program Files (x86)\Microsoft Analysis Services
2015-04-02 10:07:59 . 2015-04-02 10:07:59        --------        d-----r-        C:\MSOCache
2015-04-02 10:06:02 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Groove.de-de
2015-04-02 10:05:57 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Excel.de-de
2015-04-02 10:05:57 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Catalog
2015-04-02 10:05:50 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Access.de-de
2015-04-02 10:05:49 . 2011-06-22 13:09:34        1100664        ----a-w-        C:\Program Files (x86)\setup.exe
2015-04-02 10:05:34 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Word.de-de
2015-04-02 10:04:56 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Updates
2015-04-02 10:04:56 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Rosebud.de-de
2015-04-02 10:04:56 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Publisher.de-de
2015-04-02 10:04:39 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\ProPlus.WW
2015-04-02 10:04:37 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Proofing.de-de
2015-04-02 10:04:35 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\PowerPoint.de-de
2015-04-02 10:04:35 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Outlook.de-de
2015-04-02 10:04:35 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\OneNote.de-de
2015-04-02 10:04:34 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Office64.de-de
2015-04-02 10:04:32 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\Office.de-de
2015-04-02 10:04:31 . 2013-02-16 09:52:44        --------        d-----w-        C:\Program Files (x86)\InfoPath.de-de
2015-04-02 09:41:58 . 2015-04-02 09:49:57        --------        d-----w-        C:\Users\MB\AppData\Roaming\Wise Registry Cleaner
2015-04-02 09:41:12 . 2015-04-02 09:41:12        --------        d-----w-        C:\Program Files (x86)\Wise
2015-04-02 08:18:19 . 2015-04-02 13:19:40        --------        d-----w-        C:\Users\MB\AppData\Local\assembly
2015-04-01 16:52:53 . 2015-04-01 16:52:55        --------        d-----w-        C:\Program Files (x86)\Outlook Backup Assistant
2015-03-31 10:05:59 . 2015-04-02 12:55:15        --------        d-----w-        C:\FRST
2015-03-31 06:42:14 . 2015-03-14 10:02:13        12002392        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CAE68E1B-73B4-4774-94D5-3E3D94B79DB8}\mpengine.dll
2015-03-30 13:58:26 . 2015-04-02 13:23:01        129752        ----a-w-        C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-30 13:58:06 . 2015-03-30 13:58:10        --------        d-----w-        C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 13:58:06 . 2014-11-21 04:14:22        63704        ----a-w-        C:\windows\system32\drivers\mwac.sys
2015-03-30 13:58:06 . 2014-11-21 04:14:12        93400        ----a-w-        C:\windows\system32\drivers\mbamchameleon.sys
2015-03-25 07:41:48 . 2015-03-11 04:06:00        943616        ----a-w-        C:\windows\system32\appraiser.dll
2015-03-25 07:41:48 . 2015-03-11 04:05:59        30720        ----a-w-        C:\windows\system32\acmigration.dll
2015-03-25 07:41:47 . 2015-03-11 04:06:14        677888        ----a-w-        C:\windows\system32\generaltel.dll
2015-03-25 07:41:47 . 2015-03-11 04:06:05        760832        ----a-w-        C:\windows\system32\invagent.dll
2015-03-25 07:41:47 . 2015-03-11 04:06:02        414720        ----a-w-        C:\windows\system32\devinv.dll
2015-03-25 07:41:47 . 2015-03-11 04:05:59        227328        ----a-w-        C:\windows\system32\aepdu.dll
2015-03-25 07:41:47 . 2015-03-11 04:05:59        192000        ----a-w-        C:\windows\system32\aepic.dll
2015-03-25 07:41:47 . 2015-03-11 04:02:07        1107456        ----a-w-        C:\windows\system32\aeinv.dll
2015-03-24 09:53:31 . 2015-03-24 09:53:35        --------        d-----w-        C:\ProgramData\Package Cache
2015-03-24 09:40:40 . 2015-03-24 09:40:40        --------        d-----w-        C:\ProgramData\VHV
2015-03-11 06:38:15 . 2015-02-20 04:41:01        41984        ----a-w-        C:\windows\system32\lpk.dll
2015-03-11 06:37:59 . 2015-02-03 03:30:58        631808        ----a-w-        C:\windows\system32\evr.dll
2015-03-11 06:34:24 . 2015-02-13 05:22:33        14177280        ----a-w-        C:\windows\system32\shell32.dll
2015-03-11 06:33:52 . 2015-01-17 02:48:38        1067520        ----a-w-        C:\windows\system32\msctf.dll
2015-03-11 06:33:52 . 2015-01-17 02:30:42        828928        ----a-w-        C:\windows\SysWow64\msctf.dll
2015-03-11 06:33:51 . 2015-02-03 03:31:16        1424896        ----a-w-        C:\windows\system32\WindowsCodecs.dll
2015-03-11 06:33:50 . 2015-02-03 03:12:42        1230848        ----a-w-        C:\windows\SysWow64\WindowsCodecs.dll
2015-03-11 06:33:46 . 2015-02-26 03:25:44        3204096        ----a-w-        C:\windows\system32\win32k.sys
2015-03-11 06:28:46 . 2015-02-04 03:16:35        465920        ----a-w-        C:\windows\system32\WMPhoto.dll
2015-03-11 06:28:43 . 2015-02-04 02:54:09        417792        ----a-w-        C:\windows\SysWow64\WMPhoto.dll
2015-03-09 18:11:54 . 2015-03-09 18:11:54        0        ----a-w-        C:\windows\SysWow64\sho7760.tmp
2015-03-07 10:14:59 . 2015-01-09 03:14:19        29696        ----a-w-        C:\windows\system32\powertracker.dll
2015-03-07 10:14:58 . 2015-01-09 03:14:27        91136        ----a-w-        C:\windows\system32\wdi.dll
2015-03-07 10:14:58 . 2015-01-09 03:14:19        950272        ----a-w-        C:\windows\system32\perftrack.dll
2015-03-07 10:14:58 . 2015-01-09 02:48:18        76800        ----a-w-        C:\windows\SysWow64\wdi.dll
.


((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-03-23 07:13:18 . 2012-06-20 08:04:59        778928        ----a-w-        C:\windows\SysWow64\FlashPlayerApp.exe
2015-03-23 07:13:18 . 2012-06-20 08:04:59        142512        ----a-w-        C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 07:47:23 . 2012-02-16 14:04:32        122905848        ----a-w-        C:\windows\system32\MRT.exe
2015-02-24 03:17:24 . 2011-11-16 08:30:24        295552        ------w-        C:\windows\system32\MpSigStub.exe
2015-02-17 14:26:28 . 2015-02-17 14:26:28        1217184        ----a-w-        C:\windows\SysWow64\FM20.DLL
2015-02-05 17:35:34 . 2015-02-05 17:35:34        5070512        ----a-w-        C:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-27 23:36:21 . 2015-02-11 08:18:42        1239720        ----a-w-        C:\windows\system32\aitstatic.exe
2015-01-24 11:12:34 . 2015-01-24 11:12:34        0        ----a-w-        C:\windows\SysWow64\sho8EFE.tmp


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 12:40:26 324976]
"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe" [2014-05-20 13:29:14 6160152]
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe" [2014-09-12 09:44:20 759712]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe" [2014-07-25 08:42:20 1562264]
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 02:29:50 2573416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 13:16:16 222504]
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 11:59:02 103720]
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 13:16:16 222504]
"UpdatePDRShortCut"="C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 02:02:26 222504]
"RemoteControl8"="C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 14:52:06 91432]
"PDVD8LanguageShortcut"="C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 14:54:44 50472]
"UpdatePPShortCut"="C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 13:15:16 218408]
"UpdatePSTShortCut"="C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 02:39:00 210216]
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 20:16:16 222504]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 12:40:26 324976]
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 12:51:24 30568]
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 12:48:54 46952]
"PPort14reminder"="C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 11:40:16 333088]
"PDFProHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe" [2011-07-01 00:07:24 607592]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" [2014-09-04 07:41:37 4085896]
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 13:24:56 383544]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 10:29:36 256896]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 12:50:10 96056]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 09:43:38 3499920]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 08:42:26 311616]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]

C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk - C:\windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN389D3HW605KC;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;C:\windows\system32\srvany.exe;C:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys;C:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\system32\IEEtwCollector.exe;C:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\system32\drivers\mwac.sys;C:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys;C:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys;C:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;C:\windows\system32\DRIVERS\usb80236.sys;C:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys;C:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys;C:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys;C:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\system32\Drivers\SABI.sys;C:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aswHwid;avast! HardwareID;C:\windows\system32\drivers\aswHwid.sys;C:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys;C:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;C:\windows\system32\drivers\aswStm.sys;C:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Rezip;Rezip;C:\windows\SysWOW64\Rezip.exe;C:\windows\SysWOW64\Rezip.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys;C:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);C:\windows\system32\DRIVERS\dc3d.sys;C:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys;C:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;C:\windows\system32\drivers\mbam.sys;C:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\system32\drivers\MBAMSwissArmy.sys;C:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys;C:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL

Inhalt des "geplante Tasks" Ordners

2015-04-02 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 08:04:59 . 2015-03-23 07:13:18]

2015-04-02 C:\windows\Tasks\FaxArchive_CN389D3HW605KC.job
- C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17 02:34:50 . 2012-10-17 02:34:50]

2015-04-02 C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000.job
- C:\Users\MB\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe [2015-04-01 13:09:29 . 2015-04-01 13:09:27]

2015-02-04 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05 11:09:03 . 2014-10-22 16:37:48]

2015-04-02 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-05 11:09:03 . 2014-10-22 16:37:48]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-04 07:41:12        634872        ----a-w-        C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 02:46:28 9644576]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2010-02-09 22:21:00 16413288]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 01:33:26 168960]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 14:40:58 1873256]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 19:38:18 558496]

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M3C7F9957-B7F5-4DF2-AC95-E4D8FCD6477C&SearchSource=55&CUI=&UM=5&UP=SPCE6FD9A2-8FB2-4E0A-8789-0E768093C3E1&SSPV=
mLocal Page =
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Mit PDF Viewer 7 öffnen - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.claro.id - 80f6a4bc00000000000090004e43e858
FF - user.js: extensions.claro.instlDay - 15621
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.117:57:01
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQM1AkM6F&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 80f6a4bc00000000000090004e43e858
FF - user.js: extensions.incredibar_i.instlDay - 15621
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:33:36
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQM1AkM6F
FF - user.js: extensions.incredibar_i.upn2n - 92543716486274269
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 7777720

- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
Toolbar-{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-KV-Berater - C:\WINDOWS\ISUN0407.EXE
AddRemove-Data Conference - C:\windows\system32\javaws.exe
Nochmal ausführen?

cosinus 02.04.2015 15:11
Bitte mit MBAR fortfahren:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

gerchla1 02.04.2015 19:21
Es wurde keine Maleware gefunden!

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.02.05
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
MB :: MB-PC [administrator]

02.04.2015 20:01:49
mbar-log-2015-04-02 (20-01-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 365275
Time elapsed: 17 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 03.04.2015 14:44
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


gerchla1 07.04.2015 08:35
Hallo,

hier der erste Log:

Code:
# AdwCleaner v4.200 - Bericht erstellt 07/04/2015 um 09:13:30
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-04-06.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : MB - MB-PC
# Gestarted von : C:\Users\MB\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\MB\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\MB\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\MB\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\MB\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\MB\Documents\PCSpeedUp
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\invalidprefs.js
Datei Gelöscht : C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\user.js
Datei Gelöscht : C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\bprotector web data

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.Registry
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.SysUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.Registry.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\bProtector
Schlüssel Gelöscht : HKCU\Software\Conduit_Search_Protect
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\bProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\IB Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v36.0.4 (x86 de)

[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Claro Search");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.admin", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.aflt", "babsst");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.dfltLng", "en");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.excTlbr", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.id", "80f6a4bc00000000000090004e43e858");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.instlDay", "15621");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.instlRef", "sst");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.prdct", "claro");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.vrsn", "1.6.4.1");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.vrsni", "1.6.4.1");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.6.4.117:57:01");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.admin", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.did", "10643");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.hdrMd5", "E2321CE873C9DCB572E72621F7F13EDE");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.hmpg", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.id", "80f6a4bc00000000000090004e43e858");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.instlDay", "15621");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.instlRef", "");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", true);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1418:33:36");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.newTab", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.ppd", "7777720");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.productid", "26");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.sg", "none");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQM1AkM6F&loc=IB_TB&i=26&search=");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.upn2", "6PQM1AkM6F");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.upn2n", "92543716486274269");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1418:33:36");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.did", "10643");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.id", "80f6a4bc00000000000090004e43e858");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15621");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ppd", "7777720");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQM1AkM6F&loc=IB_TB&i=26&search=");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQM1AkM6F");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92543716486274269");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:33:36");
[1gil7azr.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

-\\ Google Chrome v

[C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4112_7&babsrc=SP_clro&mntrId=80f6a4bc00000000000090004e43e858
[C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Homepage] : hxxp://www.claro-search.com/?affID=114508&tt=4112_7&babsrc=HP_clro&mntrId=80f6a4bc00000000000090004e43e858

*************************

AdwCleaner[R0].txt - [14320 Bytes] - [07/04/2015 09:10:18]
AdwCleaner[S0].txt - [13798 Bytes] - [07/04/2015 09:13:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13858  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.2 (04.06.2015:1)
OS: Windows 7 Home Premium x64
Ran by MB on 07.04.2015 at  9:23:48,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\MB\AppData\Roaming\flexnet"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\MB\AppData\Roaming\mozilla\firefox\profiles\1gil7azr.default\minidumps [149 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.04.2015 at  9:28:12,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MB (administrator) on MB-PC on 07-04-2015 09:31:09
Running from C:\Users\MB\Downloads
Loaded Profiles: MB (Available profiles: MB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-21] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-04] (AVAST Software)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6160152 2014-05-20] (Piriform Ltd)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-09-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-09-04] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default
FF NewTab: https://www.google.de/search?q=
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1125036280-3562319748-3601731155-1000: @citrixonline.com/appdetectorplugin -> C:\Users\MB\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-25] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\MB\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-03-06] (Cisco WebEx LLC)
FF Extension: GraphOn GO-Global - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\Extensions\support@graphon.com [2014-11-24]
FF Extension: Onlinestarter - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\Extensions\webmaster@biss-net.com [2014-02-18]
FF Extension: FlashGot - C:\Users\MB\AppData\Roaming\Mozilla\Firefox\Profiles\1gil7azr.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-07-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-11-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-10]

Chrome:
=======
CHR Profile: C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-05]
CHR Extension: (Google Search) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-05]
CHR Extension: (avast! WebRep) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-04-18]
CHR Extension: (Gmail) - C:\Users\MB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-04] (AVAST Software)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2011-11-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-04] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-01-29] (Windows (R) 2003 DDK 3790 provider)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 09:28 - 2015-04-07 09:28 - 00001219 _____ () C:\Users\MB\Desktop\JRT.txt
2015-04-07 09:24 - 2015-04-07 09:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-MB-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-07 09:23 - 2015-04-07 09:23 - 02691312 _____ (Thisisu) C:\Users\MB\Desktop\JRT.exe
2015-04-07 09:23 - 2015-04-07 09:23 - 00000000 ____D () C:\RegBackup
2015-04-07 09:10 - 2015-04-07 09:22 - 00000000 ____D () C:\AdwCleaner
2015-04-07 09:07 - 2015-04-07 09:07 - 02208768 _____ () C:\Users\MB\Desktop\AdwCleaner_4.200.exe
2015-04-02 20:01 - 2015-04-02 20:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-02 19:53 - 2015-04-02 20:20 - 00000000 ____D () C:\Users\MB\Desktop\mbar
2015-04-02 19:53 - 2015-04-02 19:53 - 16502728 _____ (Malwarebytes Corp.) C:\Users\MB\Downloads\mbar-1.09.1.1004.exe
2015-04-02 15:08 - 2015-04-02 15:29 - 00000000 ____D () C:\Qoobox
2015-04-02 15:08 - 2015-04-02 15:29 - 00000000 ____D () C:\ComboFix
2015-04-02 15:08 - 2015-04-02 15:28 - 00000000 ____D () C:\windows\erdnt
2015-04-02 15:08 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-02 15:08 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-02 15:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-02 15:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-02 15:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-02 15:08 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-02 15:08 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-02 15:08 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-02 15:05 - 2015-04-02 15:07 - 05617096 ____R (Swearware) C:\Users\MB\Desktop\ComboFix.exe
2015-04-02 13:19 - 2015-04-02 13:19 - 00000782 _____ () C:\Users\MB\Desktop\Fehlermeldung bei Rücksicherung_Outlook_02042015.txt
2015-04-02 12:19 - 2015-04-02 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-04-02 12:19 - 2015-04-02 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-04-02 12:17 - 2015-04-02 12:17 - 00000000 ____D () C:\windows\PCHEALTH
2015-04-02 12:17 - 2015-04-02 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-04-02 12:14 - 2015-04-02 12:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-04-02 12:11 - 2015-04-02 12:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-04-02 12:07 - 2015-04-02 12:07 - 00000000 __RHD () C:\MSOCache
2015-04-02 12:05 - 2013-02-16 11:52 - 00000000 ____D () C:\Program Files (x86)\Catalog
2015-04-02 12:05 - 2011-06-22 15:09 - 01100664 _____ (Microsoft Corporation) C:\Program Files (x86)\setup.exe
2015-04-02 12:05 - 2011-05-30 16:37 - 00002010 _____ () C:\Program Files (x86)\README.HTM
2015-04-02 12:04 - 2013-02-16 11:52 - 00000000 ____D () C:\Program Files (x86)\Updates
2015-04-02 12:04 - 2013-02-16 11:52 - 00000000 ____D () C:\Program Files (x86)\ProPlus.WW
2015-04-02 11:41 - 2015-04-02 11:49 - 00000000 ____D () C:\Users\MB\AppData\Roaming\Wise Registry Cleaner
2015-04-02 11:41 - 2015-04-02 11:41 - 00001231 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-04-02 11:41 - 2015-04-02 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-04-02 11:41 - 2015-04-02 11:41 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-04-02 11:40 - 2015-04-02 11:40 - 01203488 _____ () C:\Users\MB\Downloads\Wise Registry Cleaner - CHIP-Installer.exe
2015-04-02 10:32 - 2015-04-02 11:31 - 00000004 _____ () C:\ScrubRetValFile.txt
2015-04-02 10:28 - 2015-04-02 10:28 - 01184256 _____ () C:\Users\MB\Downloads\MicrosoftFixit50450.msi
2015-04-01 18:54 - 2015-04-01 18:54 - 00000000 ____D () C:\Users\MB\Documents\Backups
2015-04-01 18:52 - 2015-04-01 18:52 - 00001193 _____ () C:\Users\MB\Desktop\Outlook Backup Assistant.lnk
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\Users\MB\Downloads\Outlook Backup Assistant 7 (de)
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\Users\MB\Documents\Add-in Express
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priotecs Software
2015-04-01 18:52 - 2015-04-01 18:52 - 00000000 ____D () C:\Program Files (x86)\Outlook Backup Assistant
2015-04-01 18:50 - 2015-04-01 18:50 - 02697695 _____ () C:\Users\MB\Downloads\Outlook Backup Assistant 7 (de).zip
2015-04-01 18:35 - 2015-04-01 18:35 - 00068541 _____ () C:\Users\MB\Downloads\mailpv_1.83.zip
2015-04-01 18:33 - 2015-04-01 18:33 - 01203488 _____ () C:\Users\MB\Downloads\Mail PassView - CHIP-Installer.exe
2015-03-31 15:04 - 2015-03-31 15:04 - 00000000 ____D () C:\Users\MB\Desktop\Aufräumen PC
2015-03-31 13:22 - 2015-04-02 14:55 - 00048314 _____ () C:\Users\MB\Downloads\Addition.txt
2015-03-31 13:14 - 2015-03-31 13:14 - 00000000 _____ () C:\Users\MB\defogger_reenable
2015-03-31 13:13 - 2015-03-31 13:13 - 00000238 _____ () C:\Users\MB\Downloads\defogger_enable.log
2015-03-31 13:02 - 2015-03-31 13:14 - 00000466 _____ () C:\Users\MB\Downloads\defogger_disable.log
2015-03-31 13:01 - 2015-03-31 13:01 - 00050477 _____ () C:\Users\MB\Downloads\Defogger.exe
2015-03-31 12:06 - 2015-04-07 09:31 - 00026480 _____ () C:\Users\MB\Downloads\FRST.txt
2015-03-31 12:05 - 2015-04-07 09:31 - 00000000 ____D () C:\FRST
2015-03-31 12:05 - 2015-03-31 12:05 - 02095616 _____ (Farbar) C:\Users\MB\Downloads\FRST64.exe
2015-03-30 15:58 - 2015-04-07 09:24 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 15:58 - 2015-04-02 20:01 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-30 15:58 - 2015-03-30 15:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-30 15:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-25 09:41 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-25 09:41 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-25 09:41 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-25 09:41 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-25 09:41 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-25 09:41 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-25 09:41 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-25 09:41 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-24 11:53 - 2015-03-24 11:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-24 11:40 - 2015-03-24 11:40 - 00000000 ____D () C:\ProgramData\VHV
2015-03-23 09:29 - 2015-04-07 09:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 08:41 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 08:41 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-11 08:41 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 08:41 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 08:41 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 08:41 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 08:41 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 08:41 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 08:41 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 08:41 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 08:41 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 08:41 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 08:41 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 08:41 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 08:41 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 08:41 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 08:41 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 08:41 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 08:41 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 08:41 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 08:41 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 08:41 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 08:41 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 08:41 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:41 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 08:41 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 08:41 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:41 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 08:41 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 08:41 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-11 08:41 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:41 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:41 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 08:41 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 08:41 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 08:41 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-11 08:41 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 08:41 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-11 08:41 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 08:41 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 08:41 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 08:41 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 08:41 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 08:41 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 08:41 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:41 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-11 08:41 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 08:41 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 08:41 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 08:41 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 08:41 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:41 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 08:41 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 08:41 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 08:41 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 08:41 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-11 08:38 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 08:38 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 08:38 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 08:38 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 08:38 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 08:38 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 08:38 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 08:38 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 08:38 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 08:38 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 08:38 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 08:38 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 08:38 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 08:38 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 08:38 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 08:38 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 08:38 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:38 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:37 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 08:37 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 08:37 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 08:37 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 08:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 08:37 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 08:37 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 08:37 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 08:37 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 08:37 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 08:37 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 08:37 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 08:37 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:37 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:37 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 08:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 08:37 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 08:37 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 08:37 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 08:37 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 08:37 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 08:37 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-11 08:37 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 08:37 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 08:37 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-11 08:37 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-11 08:34 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:34 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 08:34 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 08:34 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 08:34 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 08:34 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 08:34 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 08:34 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 08:34 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 08:34 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 08:34 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 08:34 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 08:34 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 08:34 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 08:34 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 08:34 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 08:34 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 08:34 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 08:34 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 08:34 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 08:33 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 08:33 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 08:33 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:33 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 08:33 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 08:28 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 08:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-10 18:27 - 2015-03-10 18:27 - 00002948 _____ () C:\windows\System32\Tasks\{36E0ECA6-F4C7-40C1-B0A8-C7B4A09D22BC}
2015-03-10 18:12 - 2015-03-10 18:14 - 05532511 _____ (Adobe Systems, Inc.) C:\Users\MB\Downloads\Vista_Win7_Manual_ger.exe
2015-03-09 20:11 - 2015-03-09 20:11 - 00000000 _____ () C:\windows\SysWOW64\sho7760.tmp
2015-03-09 07:51 - 2015-01-09 01:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-03-09 07:51 - 2015-01-09 01:43 - 00419936 _____ () C:\windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 09:31 - 2013-11-05 16:35 - 00000428 _____ () C:\windows\Tasks\FaxArchive_CN389D3HW605KC.job
2015-04-07 09:27 - 2009-07-14 06:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 09:27 - 2009-07-14 06:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 09:26 - 2015-02-01 14:38 - 02084614 _____ () C:\windows\WindowsUpdate.log
2015-04-07 09:19 - 2012-07-11 15:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-04-07 09:18 - 2011-09-08 21:26 - 00000000 ____D () C:\Users\MB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-04-07 09:15 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-07 09:08 - 2011-10-21 14:35 - 00000000 ____D () C:\Users\MB\Documents\Outlook-Dateien
2015-04-07 08:56 - 2011-10-21 13:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-07 08:55 - 2012-04-05 13:09 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-07 08:46 - 2009-07-14 04:34 - 00000510 _____ () C:\windows\win.ini
2015-04-07 08:35 - 2012-06-20 10:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-07 08:33 - 2014-04-09 08:53 - 00000544 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000.job
2015-04-02 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2015-04-02 15:22 - 2009-07-14 06:45 - 00484032 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-02 15:21 - 2009-07-14 04:34 - 95682560 _____ () C:\windows\system32\config\SOFTWARE.bak
2015-04-02 15:21 - 2009-07-14 04:34 - 40108032 _____ () C:\windows\system32\config\SYSTEM.bak
2015-04-02 15:21 - 2009-07-14 04:34 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2015-04-02 15:21 - 2009-07-14 04:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2015-04-02 15:21 - 2009-07-14 04:34 - 00024576 _____ () C:\windows\system32\config\SAM.bak
2015-04-02 15:19 - 2011-09-08 21:26 - 00000000 ____D () C:\Users\MB
2015-04-02 14:43 - 2010-10-25 08:30 - 00000000 ____D () C:\ProgramData\Temp
2015-04-02 14:22 - 2010-10-26 00:56 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-04-02 14:22 - 2010-10-26 00:56 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-04-02 14:22 - 2009-07-14 07:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-02 13:14 - 2011-10-03 23:11 - 00131552 _____ () C:\Users\MB\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-02 12:18 - 2010-10-26 00:49 - 00000000 ____D () C:\windows\ShellNew
2015-04-02 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-02 12:17 - 2010-10-25 09:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-02 12:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-01 15:09 - 2014-04-09 08:53 - 00003558 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000
2015-03-31 14:13 - 2014-09-17 13:24 - 00000000 ____D () C:\windows\Minidump
2015-03-30 20:28 - 2014-09-18 20:50 - 00000000 ____D () C:\Users\MB\Downloads\mailpv182
2015-03-30 20:28 - 2014-09-18 20:49 - 00014243 _____ () C:\Users\MB\Downloads\mailpv182.zip
2015-03-30 15:58 - 2012-04-03 14:57 - 00000000 ____D () C:\Users\MB\AppData\Roaming\Malwarebytes
2015-03-30 15:58 - 2012-04-03 14:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-30 15:58 - 2012-04-03 14:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-03-30 09:18 - 2013-10-19 10:53 - 00000000 ____D () C:\Users\MB\AppData\Roaming\HpUpdate
2015-03-27 10:02 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-27 09:41 - 2014-12-11 04:39 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-27 09:41 - 2014-05-07 19:39 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-25 09:22 - 2012-05-22 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-24 20:44 - 2012-09-23 10:12 - 00000000 ___RD () C:\Ablage_LZK_NEU
2015-03-24 11:54 - 2012-04-27 11:05 - 00017544 _____ () C:\windows\VFrame32.INI
2015-03-24 11:54 - 2010-10-25 08:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-24 11:51 - 2012-04-27 11:07 - 00001310 _____ () C:\windows\CAF.ini
2015-03-24 11:51 - 2012-04-27 11:07 - 00001066 _____ () C:\windows\DOCS.ini
2015-03-24 11:51 - 2012-04-27 11:06 - 00001869 _____ () C:\Users\Public\Desktop\VHV-Tarife.lnk
2015-03-23 09:15 - 2014-06-12 09:55 - 00000000 ____D () C:\Users\MB\AppData\Local\Adobe
2015-03-23 09:13 - 2012-06-20 10:04 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-23 09:13 - 2012-06-20 10:04 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-23 09:13 - 2012-06-20 10:04 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-20 18:08 - 2014-11-13 17:56 - 04433848 _____ () C:\Users\MB\Desktop\Umsatzliste_Neu.xlsx
2015-03-12 13:34 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2015-03-12 10:24 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-12 10:24 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-12 09:55 - 2013-08-16 09:58 - 00000000 ____D () C:\windows\system32\MRT
2015-03-12 09:47 - 2012-02-16 16:04 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-09 20:11 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2015-03-09 18:37 - 2015-01-29 09:32 - 00000042 _____ () C:\Users\MB\pdfprint.dat

==================== Files in the root of some directories =======

2015-04-02 12:05 - 2011-04-01 02:02 - 0000175 _____ () C:\Program Files (x86)\autorun.inf
2015-04-02 12:05 - 2011-05-30 16:37 - 0002010 _____ () C:\Program Files (x86)\README.HTM
2015-04-02 12:05 - 2011-06-22 15:09 - 1100664 _____ (Microsoft Corporation) C:\Program Files (x86)\setup.exe
2013-11-10 14:10 - 2014-09-23 11:59 - 0007621 _____ () C:\Users\MB\AppData\Local\Resmon.ResmonCfg
2013-10-19 10:50 - 2013-10-19 10:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-04-23 10:27 - 2012-04-23 10:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-09-08 21:27 - 2010-01-16 07:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-10-25 08:36 - 2010-10-25 08:36 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-10-25 08:34 - 2010-10-25 08:35 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-10-25 08:30 - 2010-10-25 08:31 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-25 08:35 - 2010-10-25 08:36 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-10-25 08:30 - 2010-10-25 08:30 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-25 08:31 - 2010-10-25 08:34 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\Users\MB\pdfprint.dat


Some content of TEMP:
====================
C:\Users\MB\AppData\Local\Temp\Quarantine.exe
C:\Users\MB\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 11:18

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MB at 2015-04-07 09:32:18
Running from C:\Users\MB\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Conference (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Data Conference) (Version:  - Online-Presentation)
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version:  - Oberon Media)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Pack (HKLM-x32\...\{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1) (Version: 6.3.1.1 - Oberon Media, Inc.)
Gem Shop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}) (Version:  - Oberon Media)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.6.2492 (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\GoToMeeting) (Version: 7.1.6.2492 - CitrixOnline)
Greenfish Icon Editor Pro 3.25 (HKLM-x32\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
HanseMerkur-Tarife (HKLM-x32\...\HanseMerkur-Tarife) (Version:  - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Insaniquarium Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version:  - Oberon Media)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
klickTel Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 (HKLM-x32\...\{37C4B4B7-8F71-4DC1-8161-89E9998E6CB1}) (Version: 1.00.0000 - telegate MEDIA AG)
KV-Berater (HKLM-x32\...\KV-Berater) (Version:  - )
KV-Netto-Rechner (HKLM-x32\...\{061E1685-0345-40E2-B8DE-4D1830255AAA}_is1) (Version: 11.2 - Software für Vorsorge und Finanzplanung GmbH & Co. KG)
Levelnine 1.1.0 (HKLM-x32\...\0729-7432-3431-3138) (Version: 1.1.0 - ObjectiveIT Insure Limited)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook-Sicherung für Persönliche Ordner (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (HKLM-x32\...\{FA440BE8-EC2F-4478-A01A-077DA0606501}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 (Deutsch) (HKLM\...\{77CB2F9F-67C5-4ADA-9321-B30C9C64727E}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (HKLM-x32\...\{C8320AEC-2E97-4C78-81EC-43CF6D248B01}) (Version: 1.00.0000 -  )
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\MyFreeCodec) (Version:  - )
Nuance PaperPort 14 (HKLM-x32\...\{960CE333-260D-4887-9785-57E2EEFA287D}) (Version: 14.0.0001 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Outlook Backup Assistant 7 (Vollversion) (HKLM-x32\...\812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1) (Version: 7 - Priotecs IT GmbH)
PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop (HKLM\...\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}) (Version: 1.1.4241.14593 - OfficeDrop)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Self-Service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}) (Version:  - Oberon Media)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.22.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Update PKV Premium Selection-Programm von Version 4.84 auf 4.86 (HKLM-x32\...\{389E5419-8E6A-4C03-B967-3CC3CFE9D3B1}_is1) (Version:  - Volz-ITSC Software GmbH)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VHV-Tarifprogramm (HKLM-x32\...\{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}) (Version: 61.0.25 - VHV Allgemeine Versicherung AG)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wise Registry Cleaner 8.42 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.42 - WiseCleaner.com, Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{6295A54D-BD2A-4CF7-A288-62B0D91F7879}\InprocServer32 -> C:\Program Files (x86)\Outlook Backup Assistant\AddIn\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{743035C6-FA33-39DF-A741-34A81649705C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\MB\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{E3DF3DC0-3869-3CF6-9638-ACE5BFCF8341}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1125036280-3562319748-3601731155-1000_Classes\CLSID\{E444D266-68C3-4748-91FC-49A65C606776}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-04-2015 10:03:13 Windows Update
07-04-2015 08:03:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-02 15:23 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04593281-20AC-446B-A05E-4263A4D724BF} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {068FA5AF-583F-46C9-8B75-713F882BAB11} - System32\Tasks\{05BC2901-82E2-4D8A-AEF6-3E95994ABBD0} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
Task: {1737B306-8AAB-4CA1-9AB2-2A6D6419D08D} - System32\Tasks\{874ACF21-2C2D-4E37-BF06-26614309F7CA} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-09-04] (AVAST Software)
Task: {2741EE23-61F1-4CB6-8B87-3CE06D53F520} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {27EBBAA0-88EC-40D2-AFD2-E491D6403A59} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {324005B9-4502-4598-A495-63C6010697B6} - System32\Tasks\FaxArchive_CN389D3HW605KC => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3ADE3B0B-E4A4-4403-9B65-8D1CA17A7EEB} - System32\Tasks\{61F05832-34C4-4C56-8619-7213574DFD6F} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-09-04] (AVAST Software)
Task: {49D39CF0-6311-41B6-AAC9-C62C80243113} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {6BA59962-0CE5-47B0-8C75-4194D0CD88B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {75B6CC5D-120A-4799-ABAC-91FA2120D47A} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {776FD23E-5564-440A-A693-9DA1AAE6EDD6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {80D2BC0A-64FB-4D84-AF8F-C9518F728A86} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-04] (AVAST Software)
Task: {817E22D6-91A2-48A6-A33D-3BE7002DD58B} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {89AC4A15-50F2-4441-A706-5DEEEB8891ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {AF3D31DF-B0C8-4D3B-AC04-CBD00E1B5A2A} - System32\Tasks\{05D076A2-804C-479F-83CA-BEA9E75D5349} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2013-12-11] (pdfforge  GmbH)
Task: {B2C5DD05-1CA0-4E79-B74C-BC8FB854D8B9} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {B809A65B-CCEC-4FDC-B703-B6901AE482BC} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {BFB28C00-EDAE-43BD-8148-992216379201} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C0720FF8-3046-4D5F-A83A-32B1442BE902} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {C45D894C-EE6A-4AF7-BA6A-5B41CBA0CFCA} - System32\Tasks\hpUrlLauncher.exe_{920A7DED-DE0D-437D-84E2-0F65A52AF8CE} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DBBBD5F9-7B8E-4FBB-B58F-9A231F09B445} - System32\Tasks\{36E0ECA6-F4C7-40C1-B0A8-C7B4A09D22BC} => C:\Users\MB\Downloads\Vista_Win7_Manual_ger.exe [2015-03-10] (Adobe Systems, Inc.)
Task: {E33816D6-F95B-4969-B5BB-919E7BAF6325} - System32\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000 => C:\Users\MB\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe [2015-04-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E508715C-2E27-4A68-8AE4-38729347E30F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-23] (Adobe Systems Incorporated)
Task: {E9ECBFD0-FE01-444A-88C1-6FF1A0F9765C} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {FA4E614A-1860-4262-B7C4-A4ADB667107F} - System32\Tasks\{18F829BC-9C3C-4002-B13B-6DC46E685F0C} => C:\Program Files (x86)\PDFCreator\PDFCreator.exe [2013-12-11] (pdfforge  GmbH)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FaxArchive_CN389D3HW605KC.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1125036280-3562319748-3601731155-1000.job => C:\Users\MB\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-10-18 09:19 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2010-10-25 08:27 - 2009-03-05 11:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe
2010-10-25 08:33 - 2009-07-07 20:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-04 09:41 - 2014-09-04 09:41 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-04-07 09:16 - 2015-04-07 09:16 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040700\algo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-25 08:37 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 13:59 - 2009-06-03 13:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-04 09:41 - 2014-09-04 09:41 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^MB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Inversmonitor.lnk => C:\windows\pss\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Inversmonitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Schnellstarter.lnk => C:\windows\pss\Telefon- und Branchenbuch + Rückwärtssuche Frühjahr 2013 - Schnellstarter.lnk.Startup

==================== Accounts: =============================

Administrator (S-1-5-21-1125036280-3562319748-3601731155-500 - Administrator - Disabled)
Gast (S-1-5-21-1125036280-3562319748-3601731155-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1125036280-3562319748-3601731155-1002 - Limited - Enabled)
MB (S-1-5-21-1125036280-3562319748-3601731155-1000 - Administrator - Enabled) => C:\Users\MB

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 42%
Total physical RAM: 3956.55 MB
Available physical RAM: 2283.28 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 5801.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:28.32 GB) NTFS
Drive d: () (Fixed) (Total:266.66 GB) (Free:266.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5C718880)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=266.7 GB) - (Type=OF Extended)

==================== End Of Log ============================

cosinus 07.04.2015 09:05
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2011-11-16] () [File not signed]
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3
C:\Users\MB\pdfprint.dat
C:\Program Files (x86)\autorun.inf
C:\windows\System32\Tasks\{36E0ECA6-F4C7-40C1-B0A8-C7B4A09D22BC}
C:\windows\SysWOW64\sho7760.tmp
C:\windows\SysWOW64\srvany.exe
C:\Program Files (x86)\README.HTM
C:\Program Files (x86)\setup.exe
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


gerchla1 07.04.2015 09:34
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MB at 2015-04-07 10:21:21 Run:1
Running from C:\Users\MB\Downloads
Loaded Profiles: MB (Available profiles: MB)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2011-11-16] () [File not signed]
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3
C:\Users\MB\pdfprint.dat
C:\Program Files (x86)\autorun.inf
C:\windows\System32\Tasks\{36E0ECA6-F4C7-40C1-B0A8-C7B4A09D22BC}
C:\windows\SysWOW64\sho7760.tmp
C:\windows\SysWOW64\srvany.exe
C:\Program Files (x86)\README.HTM
C:\Program Files (x86)\setup.exe
EmptyTemp:
       
*****************

"HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
KMService => Service deleted successfully.
C:\ProgramData\Temp => ":FD9CE1F3" ADS removed successfully.
C:\Users\MB\pdfprint.dat => Moved successfully.
C:\Program Files (x86)\autorun.inf => Moved successfully.
C:\windows\System32\Tasks\{36E0ECA6-F4C7-40C1-B0A8-C7B4A09D22BC} => Moved successfully.
C:\windows\SysWOW64\sho7760.tmp => Moved successfully.
C:\windows\SysWOW64\srvany.exe => Moved successfully.
C:\Program Files (x86)\README.HTM => Moved successfully.
C:\Program Files (x86)\setup.exe => Moved successfully.
EmptyTemp: => Removed 242.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:21:30 ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:36 Uhr.
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19