Free Youtube Downloader opens during HP printer driver installation
Hello,
I have the following problem, which unfortunately I cannot solve on my own.
When installing the HP printer driver or printer software, the HP setup program is not started; instead, the setup window of Free Youtube Downloader opens.
At the same time, MWB reports that it blocked Open Candy.
Every attempt to install the driver somehow has failed.
In some cases, uninstalling programs also launches this Free Youtube Downloader setup instead of removing the desired program.
I have created the required log files and hope someone can advise.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 06:21:41, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Scheduler, Malware Database, 2015.5.9.4, 2015.5.10.2,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Refresh, Starting,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Refresh, Success,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 07:43:59, SYSTEM, PC-8675764, Context, Start: 10.05.2015 06:23:08, Dauer: 1 Stunden 20 Minuten 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 09:43:49, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malware Protection, Stopping,
Protection, 10.05.2015 10:32:08, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped,
Protection, 10.05.2015 12:04:59, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 12:05:45, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Detection, 10.05.2015 12:33:57, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-GCFA5.tmp\OCSetupHlp.dll, Quarantäne, [6496761ba1e943f3dc368db149bd6c94]
Detection, 10.05.2015 12:49:25, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-DB3R5.tmp\OCSetupHlp.dll, Quarantäne, [75850c85c7c348eeb55d3905fb0b8c74]
Detection, 10.05.2015 12:50:14, SYSTEM, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-PKD10.tmp\OCSetupHlp.dll, Quarantäne, [7585771a97f385b18092ef4f9076847c]
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malware Protection, Stopping,
Protection, 10.05.2015 13:22:44, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Manual, Malware Database, 2015.5.10.2, 2015.5.10.3,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Refresh, Starting,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Refresh, Success,
Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 14:53:52, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 16:24:35, SYSTEM, PC-8675764, Manual, Start: 10.05.2015 14:58:45, Dauer: 1 Stunden 25 Minuten 50 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
(end)
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Peter Maier (administrator) on PC-8675764 on 10-05-2015 13:22:39
Running from D:\Internetdownload
Loaded Profiles: Peter Maier (Available profiles: Peter Maier & Test & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Transaction Software, D 81829 Munich) C:\Program Files (x86)\EWA net\database\TransBase EWA\tbmux32.exe
(Transaction Software, D 81829 Munich) C:\Program Files (x86)\EWA net\database\TransBase EPC\tbmux32.exe
(Transaction Software, D 81829 Munich) C:\Program Files (x86)\EWA net\database\TransBase WIS\tbmux32.exe
(Alexandria Software Consulting) C:\Program Files (x86)\EWA net\server\bin\tomcat.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Transaction Software, D 81829 Munich) C:\Program Files (x86)\EWA net\database\TransBase EWA\tbkern32.exe
(Transaction Software, D 81829 Munich) C:\Program Files (x86)\EWA net\database\TransBase EPC\tbkern32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3683288306-3887556678-712919813-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll [2014-07-11] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2009-09-22] (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-720720720720} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll [2014-07-11] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011-04-07]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-04-07]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-02-18]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-03-10]
Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/", "hxxp://www.sweet-page.com/?type=hp&ts=1416343250&from=cor&uid=HitachiXHDT721050SLA360_STF3L7ME0V5G6K0V5G6KX"
CHR Profile: C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Docs) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-22]
CHR Extension: (YouTube) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-22]
CHR Extension: (Google Search) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-22]
CHR Extension: (Logitech SetPoint) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-02-22]
CHR Extension: (Google Sheets) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (Google Wallet) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-22]
CHR Extension: (Gmail) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-22]
CHR Profile: C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-22]
CHR Extension: (YouTube) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-22]
CHR Extension: (Google Search) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-22]
CHR Extension: (Logitech SetPoint) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-02-22]
CHR Extension: (Google Sheets) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (iCloud Bookmarks) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-04-30]
CHR Extension: (Wetter Europa) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdjjeekgglojebicfpgmiaeaadnhfaol [2015-02-22]
CHR Extension: (Bookmark Manager) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-03-10]
CHR Extension: (Gmail) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-22]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 EWA net DB Core; C:\Program Files (x86)\EWA net\database\TransBase EWA\tbmux32.exe [417792 2008-04-04] (Transaction Software, D 81829 Munich) [File not signed]
R2 EWA net DB EPC; C:\Program Files (x86)\EWA net\database\TransBase EPC\tbmux32.exe [417792 2007-11-27] (Transaction Software, D 81829 Munich) [File not signed]
R2 EWA net DB WIS; C:\Program Files (x86)\EWA net\database\TransBase WIS\tbmux32.exe [417792 2008-04-04] (Transaction Software, D 81829 Munich) [File not signed]
R2 EWA net Server; C:\Program Files (x86)\EWA net\server\bin\tomcat.exe [65536 2003-07-31] (Alexandria Software Consulting) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-08-14] (Haufe-Lexware GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-07-20] (Trend Micro Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
S3 CSRBC; C:\Windows\System32\Drivers\rider64.sys [38400 2012-01-31] (CSR plc.)
S3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
U2 TMAgent; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-10 12:38 - 2015-05-10 12:38 - 00000000 ____D () C:\LJP1100_P1560_P1600_SI_Utility
2015-05-10 12:05 - 2015-05-10 12:05 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-05-10 10:35 - 2015-05-10 10:35 - 00001668 _____ () C:\Users\Peter Maier\Desktop\JRT.txt
2015-05-10 10:32 - 2015-05-10 10:32 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PC-8675764-Windows-7-Professional-(64-bit).dat
2015-05-10 10:32 - 2015-05-10 10:32 - 00000000 ____D () C:\RegBackup
2015-05-10 00:41 - 2015-05-10 00:41 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\VSRevoGroup
2015-05-10 00:32 - 2015-05-10 00:32 - 00001270 _____ () C:\Users\Peter Maier\Desktop\Revo Uninstaller.lnk
2015-05-10 00:32 - 2015-05-10 00:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-09 20:20 - 2015-05-10 13:22 - 00000000 ____D () C:\FRST
2015-05-08 13:33 - 2015-05-08 13:33 - 00000000 ____D () C:\Program Files\HP
2015-05-08 13:33 - 2012-09-27 07:25 - 00056832 ____R () C:\Windows\system32\HP1100SMs.dll
2015-05-08 13:33 - 2012-09-27 07:25 - 00020480 ____R (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvusbews.sys
2015-05-08 13:33 - 2012-08-31 15:10 - 00350720 _____ () C:\Windows\system32\mvhlewsi.DLL
2015-05-08 13:33 - 2012-08-31 15:03 - 01696256 _____ () C:\Windows\system32\HP1100SM.EXE
2015-05-08 13:33 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\system32\HP1100LM.DLL
2015-05-08 13:17 - 2015-05-08 13:17 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-05-07 18:04 - 2015-05-07 18:04 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2015-05-07 17:57 - 2015-05-07 17:57 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2015-05-07 17:57 - 2015-05-07 17:57 - 00000000 ____D () C:\Program Files\Angry IP Scanner
2015-05-07 17:54 - 2015-05-07 17:54 - 00000000 ____D () C:\Users\Peter Maier\AppData\Local\Western_Digital_Technolog
2015-05-07 17:50 - 2015-05-07 17:50 - 00000000 ____D () C:\ProgramData\Western Digital
2015-05-07 17:50 - 2015-05-07 17:50 - 00000000 ____D () C:\Program Files\Western Digital
2015-05-07 17:50 - 2015-05-07 17:50 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-15 03:14 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 03:14 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 03:14 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 03:14 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 03:14 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 03:14 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 03:14 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 03:14 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 03:14 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 03:14 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 03:14 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 03:14 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 03:14 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 03:14 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 03:14 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 03:14 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 03:14 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 03:14 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 03:14 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 03:14 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 03:14 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 03:14 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 03:14 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 03:14 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 03:14 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 03:14 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 03:13 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 03:13 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 03:13 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 03:13 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 03:13 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 03:13 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 03:13 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 03:13 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 03:13 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 03:13 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 03:13 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 03:13 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 03:13 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 03:13 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 03:13 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 03:13 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 03:13 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 03:13 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 03:13 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 03:13 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 03:13 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 03:13 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 03:13 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 03:13 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 03:13 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 03:13 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 03:13 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 03:13 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 03:13 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 03:13 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 03:13 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 03:13 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 03:13 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 03:13 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 03:13 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 03:13 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 03:13 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 03:13 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 03:13 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 03:13 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 03:13 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 03:13 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 03:13 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 03:13 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 03:13 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 03:13 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 03:13 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 03:13 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 03:13 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 03:13 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 03:13 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 03:13 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 03:13 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 03:13 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 03:13 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 03:13 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 03:13 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 03:13 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 03:13 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 03:13 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 03:13 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 03:13 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 03:13 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 03:13 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 03:13 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 03:13 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 03:13 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 03:13 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 03:13 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 03:13 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 03:13 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 03:13 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 03:13 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 03:13 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 03:13 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 03:13 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 03:13 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 03:13 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-10 13:00 - 2013-12-10 12:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 12:33 - 2014-04-08 11:24 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\DVDVideoSoft
2015-05-10 12:26 - 2012-04-09 10:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-10 12:18 - 2014-10-06 13:36 - 00005168 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-8675764-Peter Maier PC-8675764
2015-05-10 12:14 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 12:14 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 12:09 - 2009-12-02 14:53 - 01360754 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 12:07 - 2015-02-07 08:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 12:05 - 2013-12-10 12:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 12:04 - 2012-02-21 18:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-10 12:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 12:04 - 2009-07-14 06:51 - 00235367 _____ () C:\Windows\setupact.log
2015-05-10 09:42 - 2009-12-02 18:42 - 00533898 _____ () C:\Windows\PFRO.log
2015-05-10 09:40 - 2013-12-15 16:33 - 00000000 ____D () C:\AdwCleaner
2015-05-10 07:30 - 2009-12-16 23:37 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{76264225-A4E2-48C4-AA99-AAB4CC01A17C}
2015-05-10 06:20 - 2009-07-14 06:45 - 00670992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-10 06:03 - 2009-12-02 16:09 - 00199664 _____ () C:\Users\Peter Maier\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-09 13:39 - 2014-12-08 21:51 - 00007627 _____ () C:\Users\Peter Maier\AppData\Local\Resmon.ResmonCfg
2015-05-08 13:41 - 2009-07-14 19:58 - 00716356 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 13:41 - 2009-07-14 19:58 - 00155096 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 13:41 - 2009-07-14 07:13 - 01660476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 10:20 - 2015-02-07 08:35 - 00000794 _____ () C:\Users\Peter Maier\Documents\psr6.lic
2015-05-07 18:03 - 2014-07-09 07:58 - 00000000 ____D () C:\Users\Peter Maier\AppData\Local\Western Digital
2015-05-07 17:51 - 2014-08-18 16:21 - 00032842 _____ () C:\Windows\DPINST.LOG
2015-05-07 17:50 - 2014-11-10 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-05-07 17:50 - 2014-11-10 19:23 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-05-07 17:49 - 2014-01-24 13:02 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-07 11:26 - 2011-04-07 16:51 - 00000000 ____D () C:\ProgramData\SFirm
2015-05-07 11:23 - 2011-04-07 16:51 - 00000000 ____D () C:\Program Files (x86)\SFirm
2015-05-07 11:15 - 2011-05-02 17:40 - 00000000 ____D () C:\ProgramData\SFirm_Datensicherungen
2015-05-05 04:26 - 2014-06-23 12:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-01 02:02 - 2014-01-30 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-30 21:04 - 2015-02-22 11:29 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-26 03:56 - 2015-02-07 08:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 03:56 - 2015-02-07 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 03:56 - 2015-02-07 08:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-22 10:47 - 2014-06-07 09:21 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\Tyre
2015-04-17 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 04:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 03:44 - 2014-12-11 11:51 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 03:44 - 2014-04-30 18:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 03:23 - 2009-12-13 11:28 - 01637564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 03:20 - 2013-08-17 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:06 - 2009-12-02 15:07 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 21:57 - 2012-04-09 10:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 21:57 - 2012-04-09 10:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 21:57 - 2011-06-05 08:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 09:37 - 2015-02-07 08:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-02-07 08:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-02-07 08:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2013-12-08 15:09 - 2013-12-15 16:45 - 0000055 _____ () C:\Users\Peter Maier\AppData\Roaming\mbam.context.scan
2010-04-24 22:50 - 2012-12-06 12:46 - 0009728 _____ () C:\Users\Peter Maier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-10 12:39 - 2015-03-10 12:39 - 0000036 _____ () C:\Users\Peter Maier\AppData\Local\housecall.guid.cache
2014-12-08 21:51 - 2015-05-09 13:39 - 0007627 _____ () C:\Users\Peter Maier\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\Peter Maier\WDMyCloud_win.exe
C:\Users\Public\TTi_50_MR_2012_TIS.exe
Some content of TEMP:
====================
C:\Users\Peter Maier\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter Maier\AppData\Local\Temp\sqlite3.dll
C:\Users\Test\AppData\Local\Temp\lpuninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-04 00:25
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Peter Maier at 2015-05-10 13:25:54
Running from D:\Internetdownload
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3683288306-3887556678-712919813-500 - Administrator - Disabled)
Gast (S-1-5-21-3683288306-3887556678-712919813-501 - Limited - Enabled)
Peter Maier (S-1-5-21-3683288306-3887556678-712919813-1000 - Administrator - Enabled) => C:\Users\Peter Maier
PQPBSUSER (S-1-5-21-3683288306-3887556678-712919813-1011 - Administrator - Enabled)
Test (S-1-5-21-3683288306-3887556678-712919813-1004 - Limited - Enabled) => C:\Users\Test
UpdatusUser (S-1-5-21-3683288306-3887556678-712919813-1009 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Internet Security (Disabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Disabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
DE (x32 Version: 13.0 - Corel Corporation) Hidden
Design & Print (HKLM-x32\...\Design & Print 1.0.5) (Version: 1.0.5 - Avery Zweckform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Document_Installer (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden
EPC Compact plus 1.0 (HKLM-x32\...\dbcs1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EWA net (HKLM-x32\...\EWA net) (Version: - )
EWA_net_Admin (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden
EWA_net_Client_Applications (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden
EWA_net_Core (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden
EWA_net_EPC (x32 Version: 1.00.0000 - Daimler) Hidden
EWA_net_Server (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden
EWA_net_WIS (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden
EWA_net_WIS_CaseOnline_Importer (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HS/3 2011 (HKLM-x32\...\HS/3_is1) (Version: 2011 (2011.11.001) - HS/3 Hotelsoftware GmbH & Co. KG)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Lexware Elster (HKLM-x32\...\{A4AAD5E5-1563-4A51-AFFC-F896AC979EAE}) (Version: 15.04.00.0028 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware kassenbuch (HKLM-x32\...\{775A55F3-97B4-4574-BD15-8A4C1343B907}) (Version: 13.00.00.0091 - Haufe-Lexware GmbH Co.KG)
Lexware lohn+gehalt 2015 (x32 Version: 19.05.00.0078 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware lohn+gehalt plus 2015 (HKLM-x32\...\{3c62bbd1-b4c3-4978-9201-ff5109b491f7}) (Version: 19.1.0.86 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 22.00.00.0035 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Logitech SetPoint 6.51 (HKLM\...\SP6) (Version: 6.51.8 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Meter Drivers for OneTouch(R) Software (x32 Version: 1.6.0.0 - LifeScan) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Msxml4 for LDCF (HKLM-x32\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - )
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Password Safe and Repository 7 (HKLM\...\{7B6F4DF3-57DA-49AD-8A6B-5639E9D66E8B}) (Version: 7.2.0.2208 - MATESO GmbH)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
TerraTec H5 V5.09.0813.00 (HKLM-x32\...\TerraTec H5) (Version: 5.09.0813.00 - )
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.4.0.6 - 't Schrijverke)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peter Maier\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
03-05-2015 12:00:50 Windows-Sicherung
07-05-2015 17:48:35 WD SmartWare Installer
08-05-2015 12:45:58 Konfiguriert Messgerätetreiber für die OneTouch® Software
08-05-2015 13:16:23 Installed HP Support Solutions Framework
10-05-2015 00:34:38 Revo Uninstaller's restore point - Avery Wizard 5.0
10-05-2015 00:35:21 Avery Wizard 5.0 wurde entfernt.
10-05-2015 00:46:17 Revo Uninstaller's restore point - Messgerätetreiber für die OneTouch® Software v1.6
10-05-2015 00:46:38 Konfiguriert Messgerätetreiber für die OneTouch® Software
10-05-2015 06:02:49 Revo Uninstaller's restore point - Free YouTube Download version 3.2.49.1022
10-05-2015 11:53:40 Removed HP Support Solutions Framework
10-05-2015 12:00:31 Windows-Sicherung
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1543C57B-8E6E-4966-A0D5-05C701E31C7F} - System32\Tasks\{F6B6BB97-9D90-444E-8655-0AB7981B6267} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] ()
Task: {19C13B80-158C-462C-B9FC-79672668604A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {210060A9-94F8-49E3-A158-06F13A329C72} - \Plus-HD-4.9-updater No Task File <==== ATTENTION
Task: {2A6AF256-1ED9-466A-99E5-41279B89C6B8} - System32\Tasks\{C4AF5F76-3732-4AF9-B40E-214BD319CA67} => pcalua.exe -a "D:\Internetdownload\DE_de_DP5_DL_20100525 (1).exe" -d D:\Internetdownload
Task: {2D8CF4A1-7650-42C4-B26E-095CDD959348} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {3A5F2EDA-BC34-433E-9C60-9155D2525403} - System32\Tasks\{282A274C-E9BB-44EC-8F20-175269CA0F83} => pcalua.exe -a "D:\Internetdownload\Setup (1).exe" -d D:\Internetdownload
Task: {46B42DE3-2E61-46F9-A33B-1BD6DA73956D} - System32\Tasks\{DC681306-3E13-4F05-89DF-F4604678DBDD} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] ()
Task: {5649080F-AB53-4851-A1DE-1A27B9345604} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {5687D392-21E9-4C48-8DAA-78AB47F0340A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {574F9381-5F9E-4EBA-88CA-5F03F09E03B9} - System32\Tasks\{6B4366FB-FBE5-4929-8003-EF88A07A3CC7} => pcalua.exe -a C:\bhps\Sys186\bin\launcher.exe -d C:\bhps\Sys186\bin -c -aDBCS {"C:\bhps\dbcs1\bin\winmbww.exe" -aDBCS 0 1}
Task: {5E3CF71A-C53A-4684-AECB-37B397729559} - \Plus-HD-4.9-enabler No Task File <==== ATTENTION
Task: {5FFA3EA4-E718-4C2B-8654-B01D1A2722D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6D4DE76F-309A-4D18-9D3D-BBDAF4FED753} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {73637D49-B93F-4F26-8A9D-2C6398B486AC} - System32\Tasks\{DD5FC5D8-0162-46B6-8A1C-8524DC1C4F4C} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] ()
Task: {7E6267C2-8577-4FB9-9750-13B6417B7ECE} - \Plus-HD-4.9-codedownloader No Task File <==== ATTENTION
Task: {8303BEA7-9834-40D1-80F9-78DFB079DDB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {832BABB5-5A41-4350-9600-CD611E8CA53E} - System32\Tasks\{707B91E9-53CE-4387-B058-E31E4A46B4C6} => pcalua.exe -a D:\Internetdownload\setup.exe -d D:\Internetdownload
Task: {83A8EA0E-F6AB-4B49-8413-446D12B47005} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {867A8D03-6D75-453C-8672-ADB75019788B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {87BAC021-9506-4148-B955-C88B941F32B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {932CCBC0-3933-4B39-ADC5-FDA3E623B0D4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {952A9410-4AD0-43BC-BCCF-092E41E42332} - \Plus-HD-4.9-chromeinstaller No Task File <==== ATTENTION
Task: {A0B949CD-5933-4E4C-B532-B3A5FFB1173D} - System32\Tasks\{881B582D-7E9E-4263-AC63-F51D1E1A9CA7} => E:\SETUP.EXE
Task: {A3836003-21BE-4BCF-906C-22C4C746B141} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {A6C8215A-D64C-40CE-892A-2B052E947D8E} - System32\Tasks\Amazon Music Helper => C:\Users\Peter Maier\AppData\Local\Amazon Music\Amazon Music Helper.exe
Task: {A9F51D7B-0B3B-4AFA-8312-CD48E3CA370D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-8675764-Peter Maier PC-8675764 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {B20D795C-230B-492D-BFA6-099A67A843F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {B9E59A2F-71BF-4684-A154-71D37C6C6A9A} - System32\Tasks\{D0BB2061-ED66-4D1B-9DBE-402AF27E6D38} => E:\SETUP.EXE
Task: {BE87B7E9-6561-4A7B-B7BB-098E56A6D693} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {D1AA3BB6-9F1C-4C7A-B9A2-92BA8C8443B6} - System32\Tasks\{17BB5240-1395-451F-847B-E8044B09ED9F} => C:\Program Files (x86)\Sfirm32\SFirm32.exe
Task: {D4888BAD-9C71-46A5-B24E-7E6F2151DF14} - System32\Tasks\{BAE4C050-1FCA-4BFB-96FA-9FD953AFF402} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] ()
Task: {E0355066-CCF2-4291-9F37-AF0A7681ADBD} - System32\Tasks\{A207691B-BB71-491D-8C20-0A25D15B0604} => pcalua.exe -a C:\bhps\Instlr4\bin\uninstaller.exe -c -iDBCS -lg -n"EPC Compact plus 1.0" -p"C:\bhps\dbcs1" -r"C:\bhps\Instlr4"
Task: {E94E0D12-1AE6-4B34-B017-33BDC3E60D67} - System32\Tasks\{BBEB252E-D5E6-4774-8FE8-7960E114443E} => E:\SETUP.EXE
Task: {F06788A7-B1E9-4F71-A8CF-343533D1BA57} - System32\Tasks\Western Digital\SmartWare\____Volume_1a175e4c_df64_11de_acc7_00241dd8bd54__uuid_73656761_7465_7375_636b_0090a9448272_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-02-12] (Western Digital Technologies, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-02-21 18:01 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-23 12:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 12:44 - 2014-07-20 21:05 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2015-03-10 12:44 - 2014-07-20 21:05 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2015-03-10 12:44 - 2014-07-20 21:05 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2015-03-10 12:44 - 2014-07-20 21:05 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2015-04-30 21:03 - 2015-04-28 01:59 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 21:03 - 2015-04-28 01:59 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 21:03 - 2015-04-28 01:59 - 26783560 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
2012-05-03 12:11 - 2011-03-23 12:33 - 00147456 _____ () C:\Program Files (x86)\EWA net\apps\jre\private_jre\bin\server\jvm.dll
2012-05-03 12:13 - 2008-04-04 14:23 - 00036864 ____N () C:\Program Files (x86)\EWA net\database\TransBase EWA\polycsr.dll
2012-05-03 12:13 - 2008-04-04 14:23 - 00166912 ____N () C:\Program Files (x86)\EWA net\database\TransBase EWA\libmcrypt.dll
2012-05-03 12:16 - 2005-03-21 16:54 - 00036864 ____N () C:\Program Files (x86)\EWA net\database\TransBase EPC\polycsr.dll
2012-05-03 12:16 - 2007-11-26 17:26 - 00166912 ____N () C:\Program Files (x86)\EWA net\database\TransBase EPC\libmcrypt.dll
2015-03-10 12:23 - 2014-07-20 21:05 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll
2015-03-10 12:23 - 2014-07-20 21:05 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter Maier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Amazon Music => "C:\Users\Peter Maier\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: PocketCloud Location => "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Remote Control Editor => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTVRC.exe
MSCONFIG\startupreg: SfWinStartInfo => "C:\Program Files (x86)\SFirm\sfWinStartupInfo.exe"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4B7DBCE0-6CE8-4B71-892E-8012C23FB813}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{399CB9C5-A6F8-4E89-8BC0-EDD62894FBD2}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{BD97A8DC-6573-4EE8-BD49-9B5E30B35B6F}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{C9CB1051-E3C8-4608-A70F-D6EA532A9370}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{6050D991-FCC3-4D04-99F1-D9FFAD78AB74}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{263848C5-AF37-4263-9065-70FFCCAD6148}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [TCP Query User{26E3CBD9-9E23-4E80-8F2C-C20F3F10F13D}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe] => (Allow) C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe
FirewallRules: [UDP Query User{811782A2-27D1-4F94-A2D1-F14DC5559BC4}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe] => (Allow) C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{CEC9E652-3C73-4710-B965-732A1B8D47F0}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{BCE2C536-917D-4E3E-A770-B17B6AA33C08}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{20B46BEC-F654-425A-BBC3-9DA14395E1B6}] => (Allow) C:\Users\Peter Maier\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{09544B2B-CA88-4C61-86EF-F4413E54EC03}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1600A03D-D29F-4389-A407-3052B40CD998}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{D0F28F19-7DB4-4AE6-93A2-080A512BA5AB}C:\program files (x86)\password safe and repository 7\psr.exe] => (Allow) C:\program files (x86)\password safe and repository 7\psr.exe
FirewallRules: [UDP Query User{B5091A54-5561-4420-A56F-854C2A3603FF}C:\program files (x86)\password safe and repository 7\psr.exe] => (Allow) C:\program files (x86)\password safe and repository 7\psr.exe
FirewallRules: [{DDB356A3-989F-464F-BFCE-59C6786575CC}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{ACAD0768-9293-458E-8477-7484640133AE}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{24015115-3BC8-499D-B000-FDA88AE11B16}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{118E4F48-5B66-45BD-BCFF-30228C2ED4A3}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{5218B62C-FF43-416E-9590-F37E530CFF0F}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{EEFB2DB5-9F30-47CC-B5D7-ED766997C48B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{11B9FA93-FC56-4CC2-8E09-1B2E8FCF6065}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D46B30B5-6C64-4E92-9380-D44FECFF957E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{696C7281-5A01-4DC4-8359-55DBC0DC90F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F732E822-A259-4733-AE89-F9D3710D3632}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [{D251C611-FF3E-4E51-9C50-6A03BD30A210}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [TCP Query User{7154096D-8410-4DE4-81D5-E0CA3DB7AB2D}C:\program files (x86)\password safe and repository 7\psr.exe] => (Block) C:\program files (x86)\password safe and repository 7\psr.exe
FirewallRules: [UDP Query User{7EAF97EE-5ED9-4D49-AF3C-1ADE360BBCF0}C:\program files (x86)\password safe and repository 7\psr.exe] => (Block) C:\program files (x86)\password safe and repository 7\psr.exe
FirewallRules: [{EBB1A770-7C1B-4850-9B30-1116CE15B797}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/10/2015 00:55:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe, Version: 0.0.0.0, Zeitstempel: 0x545f4e7a
Name des fehlerhaften Moduls: nsWeb.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x509b7f18
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04d12dc2
ID des fehlerhaften Prozesses: 0x760
Startzeit der fehlerhaften Anwendung: 0xSetup_DriverDoc_2015.exe0
Pfad der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe1
Pfad des fehlerhaften Moduls: Setup_DriverDoc_2015.exe2
Berichtskennung: Setup_DriverDoc_2015.exe3
Error: (05/10/2015 00:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe, Version: 0.0.0.0, Zeitstempel: 0x545f4e7a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea0b
ID des fehlerhaften Prozesses: 0x17dc
Startzeit der fehlerhaften Anwendung: 0xSetup_DriverDoc_2015.exe0
Pfad der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe1
Pfad des fehlerhaften Moduls: Setup_DriverDoc_2015.exe2
Berichtskennung: Setup_DriverDoc_2015.exe3
Error: (05/10/2015 06:22:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1422, Zeitstempel: 0x51428f51
Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1422, Zeitstempel: 0x51428f51
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000154f89
ID des fehlerhaften Prozesses: 0x920
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3
Error: (05/09/2015 01:32:10 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()
Error: (05/08/2015 01:00:05 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()
Error: (05/07/2015 06:08:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002defe
ID des fehlerhaften Prozesses: 0x21ec
Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0
Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1
Pfad des fehlerhaften Moduls: WDBackupEngine.exe2
Berichtskennung: WDBackupEngine.exe3
Error: (05/07/2015 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0003354b
ID des fehlerhaften Prozesses: 0x1a88
Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0
Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1
Pfad des fehlerhaften Moduls: WDBackupEngine.exe2
Berichtskennung: WDBackupEngine.exe3
Error: (05/07/2015 05:57:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002defe
ID des fehlerhaften Prozesses: 0x1944
Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0
Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1
Pfad des fehlerhaften Moduls: WDBackupEngine.exe2
Berichtskennung: WDBackupEngine.exe3
Error: (05/03/2015 05:04:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1214
Startzeit: 01d0857a1ecb2e5b
Endzeit: 0
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: a9db592f-f1a5-11e4-8be2-404e57434401
Error: (05/01/2015 10:09:38 AM) (Source: EWA net DB Core) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()
System errors:
=============
Error: (05/10/2015 00:22:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}
Error: (05/10/2015 00:07:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (05/10/2015 00:07:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/10/2015 10:33:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EWA net Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EWA net DB EPC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EWA net DB WIS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (05/10/2015 00:55:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Setup_DriverDoc_2015.exe0.0.0.0545f4e7ansWeb.dll_unloaded0.0.0.0509b7f18c000000504d12dc276001d08b0fcbe85c8aD:\Internetdownload\Setup_DriverDoc_2015.exensWeb.dll0f370aca-f703-11e4-a502-404e57434401
Error: (05/10/2015 00:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Setup_DriverDoc_2015.exe0.0.0.0545f4e7antdll.dll6.1.7601.187985507b3e0c0000374000cea0b17dc01d08b0f9b9e0f64D:\Internetdownload\Setup_DriverDoc_2015.exeC:\Windows\SysWOW64\ntdll.dlle358ee58-f702-11e4-a502-404e57434401
Error: (05/10/2015 06:22:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.142251428f51nvtray.exe7.17.13.142251428f51400000150000000000154f8992001d08ad8b1baaf62C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exe3592e115-f6cc-11e4-b616-404e57434401
Error: (05/09/2015 01:32:10 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()
Error: (05/08/2015 01:00:05 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()
Error: (05/07/2015 06:08:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0002defe21ec01d088df55c023d7C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dll5212c1f0-f4d3-11e4-8be2-404e57434401
Error: (05/07/2015 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0003354b1a8801d088de97cdecfcC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dll8c6538d9-f4d2-11e4-8be2-404e57434401
Error: (05/07/2015 05:57:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0002defe194401d088dd9fe653c6C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dllc0c8835f-f4d1-11e4-8be2-404e57434401
Error: (05/03/2015 05:04:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567121401d0857a1ecb2e5b0C:\Windows\Explorer.EXEa9db592f-f1a5-11e4-8be2-404e57434401
Error: (05/01/2015 10:09:38 AM) (Source: EWA net DB Core) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 4094.49 MB
Available physical RAM: 1857.28 MB
Total Pagefile: 8187.18 MB
Available Pagefile: 5412.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:297.99 GB) (Free:153.3 GB) NTFS
Drive d: (DATEN) (Fixed) (Total:465.76 GB) (Free:45 GB) NTFS
Drive f: (PKBACK# 001) (Removable) (Total:3.69 GB) (Free:3.59 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7B749EEA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: EC35DFA7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 06:21:41, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Scheduler, Malware Database, 2015.5.9.4, 2015.5.10.2,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Refresh, Starting,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Refresh, Success,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 07:43:59, SYSTEM, PC-8675764, Context, Start: 10.05.2015 06:23:08, Dauer: 1 Stunden 20 Minuten 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 09:43:49, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malware Protection, Stopping,
Protection, 10.05.2015 10:32:08, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped,
Protection, 10.05.2015 12:04:59, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 12:05:45, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Detection, 10.05.2015 12:33:57, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-GCFA5.tmp\OCSetupHlp.dll, Quarantäne, [6496761ba1e943f3dc368db149bd6c94]
Detection, 10.05.2015 12:49:25, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-DB3R5.tmp\OCSetupHlp.dll, Quarantäne, [75850c85c7c348eeb55d3905fb0b8c74]
Detection, 10.05.2015 12:50:14, SYSTEM, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-PKD10.tmp\OCSetupHlp.dll, Quarantäne, [7585771a97f385b18092ef4f9076847c]
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malware Protection, Stopping,
Protection, 10.05.2015 13:22:44, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Manual, Malware Database, 2015.5.10.2, 2015.5.10.3,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Refresh, Starting,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Refresh, Success,
Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 14:53:52, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 16:24:35, SYSTEM, PC-8675764, Manual, Start: 10.05.2015 14:58:45, Dauer: 1 Stunden 25 Minuten 50 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
(end)
I could only add Gmer as an attachment.