Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Defragmentierung startet nicht da der Aufgabenplanungsdienst nicht ausgeführt wird.... (https://www.trojaner-board.de/166777-defragmentierung-startet-aufgabenplanungsdienst-ausgefuehrt.html)

Alice85 08.05.2015 18:30
Defragmentierung startet nicht da der Aufgabenplanungsdienst nicht ausgeführt wird....
 
Liste der Anhänge anzeigen (Anzahl: 3)
Hallo,

da mein PC in der letzten Zeit langsamer geworden ist und die Programme immer wieder hängen bleiben, wollte ich eine Defragmentierung machen.

Da bekam ich folgende Fehlermeldung (siehe Defragmentierung kann...)
Worauf hin ich diesen Aufgabenplanungsdienst gesucht habe und ihn starten wollte.
Nun erscheint folgende Fehlermeldung (siehe Aufgabenplanung)

Das Fenster der Aufgabenplanung sieht nun so aus (siehe Fenster Aufgabenplanung)

Ich habe einen guten Freund gefragt ob er weiß was los ist und er meint, dass dies ein Trojaner ist. Deshalb bitte ich hiermit um Hilfe!

Danke im Voraus
Alice85

schrauber 08.05.2015 18:57
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Alice85 08.05.2015 19:09
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Alice85 (administrator) on Alice85-PC on 08-05-2015 20:00:39
Running from F:\meine Programme usw\Anti-Malware\FRST
Loaded Profiles: Alice85 (Available profiles: Alice85)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Visagesoft) F:\meine Programme usw\PDF Experte Professional 8\vspdfprsrv.exe
(Ellora Assets Corp.) F:\meine Programme usw\Video_Downloader\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-18] (Realtek Semiconductor)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2320752 2009-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [vspdfprsrv.exe] => F:\meine Programme usw\PDF Experte Professional 8\vspdfprsrv.exe [6078464 2012-04-23] (Visagesoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Alice85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-21]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?rd=1&ucc=AT&dcc=AT&opt=0&ocid=iehp
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\S-1-5-21-804858186-3083531089-3029207996-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-804858186-3083531089-3029207996-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-10] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-02-19] (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-16] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-02-19] (DVDVideoSoft Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.orf.at/
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-16] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-01-14] (Nitro PDF)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-804858186-3083531089-3029207996-1000: sony.com/MediaGoDetector -> F:\meine Programme usw\Handy Programm\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF user.js: detected! => C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\user.js [2015-01-11]
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-804858186-3083531089-3029207996-1000\FireFox\user.js [2014-08-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPAdbESD.dll [2006-10-03] (Adobe Systems Incorporated)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-21]
FF Extension: Adblock Plus - C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-23]

Chrome:
=======
CHR Profile: C:\Users\Alice85\AppData\Local\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; F:\meine Programme usw\Video_Downloader\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-02-10] (Ellora Assets Corp.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-01-14] (Nitro PDF Software)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-09-30] (GEAR Software Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-30] (GFI Software)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-10] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-05-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [129024 2010-12-21] (MCCI Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 REMOVE; \??\C:\Windows\SysWOW64\drivers\REMOVE.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 11:39 - 2015-04-29 11:39 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-29 11:39 - 2015-04-29 11:39 - 00000966 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-25 18:56 - 2015-04-25 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 20:23 - 2015-04-15 20:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:53 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:53 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:53 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:53 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 08:53 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 08:53 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 08:53 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 08:53 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 08:53 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 08:53 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 08:53 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 08:53 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 08:53 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:53 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 08:53 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 08:52 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 08:52 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 08:52 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 08:52 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 08:52 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 08:52 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 08:52 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 08:52 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 08:52 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 08:52 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 08:52 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 08:52 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 08:52 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 08:52 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 08:52 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 08:52 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 08:52 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 08:52 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 08:52 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 08:52 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 08:52 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 08:52 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 08:52 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 08:52 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 08:52 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:52 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:52 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 08:52 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 08:52 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:52 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:52 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 08:52 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:52 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 08:52 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:52 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 08:52 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:52 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:52 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 08:52 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 08:52 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:52 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 08:52 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 08:52 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 08:52 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:52 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 08:52 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 08:52 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 08:52 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 08:52 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 08:52 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 08:52 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:52 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 08:52 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:52 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 08:52 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 08:52 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 08:52 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 08:52 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 08:52 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 08:52 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 08:52 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:52 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 08:52 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:52 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 08:52 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 08:52 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:52 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 08:52 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 08:52 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 08:52 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 08:52 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:52 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 08:52 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 08:52 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 08:52 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 08:52 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:52 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 08:52 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 08:52 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 08:52 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 08:52 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 08:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 19:06 - 2015-04-16 21:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\13141507.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 20:00 - 2014-11-12 11:46 - 00000000 ____D () C:\FRST
2015-05-08 19:58 - 2014-05-31 09:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-08 19:09 - 2014-11-16 12:27 - 00001025 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 19:09 - 2014-11-16 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 19:00 - 2014-11-16 12:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 16:29 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 16:29 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 14:58 - 2010-10-07 09:03 - 01608269 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 14:49 - 2013-10-15 04:59 - 00056641 _____ () C:\Windows\setupact.log
2015-05-07 19:27 - 2009-07-14 19:58 - 00702374 _____ () C:\Windows\system32\perfh007.dat
2015-05-07 19:27 - 2009-07-14 19:58 - 00150454 _____ () C:\Windows\system32\perfc007.dat
2015-05-07 19:27 - 2009-07-14 07:13 - 01628736 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-07 17:27 - 2012-10-15 20:54 - 00000000 ___RD () C:\Users\Alice85\Dropbox
2015-05-07 17:26 - 2012-10-15 20:48 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Dropbox
2015-04-30 12:18 - 2009-07-14 06:45 - 00516936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-29 21:03 - 2010-12-12 01:04 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Skype
2015-04-29 17:16 - 2010-10-11 08:58 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-29 11:53 - 2010-12-10 21:59 - 00158744 _____ () C:\Users\Alice85\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 11:40 - 2011-08-27 22:00 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-26 12:20 - 2013-06-14 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-23 21:23 - 2014-09-20 20:17 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-04-23 17:07 - 2012-10-15 20:54 - 00001021 _____ () C:\Users\Alice85\Desktop\Dropbox.lnk
2015-04-23 17:07 - 2012-10-15 20:51 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 16:44 - 2014-06-19 14:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-23 16:44 - 2014-06-19 14:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-23 16:44 - 2014-06-19 14:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 13:22 - 2010-12-12 11:29 - 00462936 _____ () C:\Windows\PFRO.log
2015-04-18 11:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2015-04-15 20:23 - 2014-05-06 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:14 - 2010-12-11 23:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 19:13 - 2012-12-23 19:47 - 01602080 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 19:10 - 2013-08-15 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 19:05 - 2010-12-19 10:50 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 09:37 - 2014-11-16 12:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-16 12:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-16 12:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-08 17:41 - 2010-12-12 01:04 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-09-21 15:53 - 2014-09-21 15:53 - 0001239 _____ () C:\Users\Alice85\AppData\Roaming\settings.xml
2010-12-12 01:16 - 2010-12-12 01:16 - 0033134 _____ () C:\Users\Alice85\AppData\Roaming\UserTile.png
2011-09-20 17:48 - 2011-09-20 17:48 - 0000576 _____ () C:\Users\Alice85\AppData\Local\45D86D82.il
2012-05-27 18:24 - 2013-09-22 07:34 - 0006144 _____ () C:\Users\Alice85\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-20 17:48 - 2011-09-20 17:48 - 0000280 _____ () C:\Users\Alice85\AppData\Local\IndexIE_45D86D82.il
2014-06-07 21:22 - 2014-06-07 21:22 - 0000884 _____ () C:\Users\Alice85\AppData\Local\recently-used.xbel
2014-03-08 10:47 - 2014-03-08 10:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-12 01:05 - 2010-12-12 01:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-12-10 22:24 - 2014-03-08 10:19 - 0014202 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Alice85\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm2siuj.dll
C:\Users\Alice85\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Alice85\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Alice85\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Alice85\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-15 13:38

==================== End Of Log ============================
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Alice85 at 2015-05-08 20:05:09
Running from F:\meine Programme usw\Anti-Malware\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-804858186-3083531089-3029207996-500 - Administrator - Disabled)
Alice85 (S-1-5-21-804858186-3083531089-3029207996-1000 - Administrator - Enabled) => C:\Users\Alice85
Gast (S-1-5-21-804858186-3083531089-3029207996-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-804858186-3083531089-3029207996-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

20.000 Meilen unter dem Meer (HKLM-x32\...\{6692A6CC-6EDA-40C3-8F57-1E8ECD5AE2E0}) (Version: 1.00.0000 - Purplehills)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Download Manager 2.2 (Remove Only) (HKLM-x32\...\AdobeESD) (Version: 2.2 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Airline Mania (HKLM-x32\...\Airline Mania) (Version:  - )
Alamandi (HKLM-x32\...\{2C0C7C1B-CAC0-49DF-9220-71A5AADC30F3}) (Version: 1.00.0000 - Intenium GmbH)
AmazingMahjongg3D (HKLM-x32\...\AmazingMahjongg3D) (Version:  - )
Amelies Restaurant - Das Weihnachtswunder (HKLM-x32\...\Amelies Restaurant - Das Weihnachtswunder) (Version:  - )
Amulet of Time (HKLM-x32\...\Amulet of Time) (Version:  - )
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arcade Bubbles (HKLM-x32\...\Arcade Bubbles) (Version:  - )
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
AtlantisQuest (HKLM-x32\...\{1D619FC4-4F88-406C-9E78-B948BFC998FA}) (Version: 1.00.0000 - Ihr Firmenname)
B109a-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
BCL easyConverter 3.0 Licensing Module (BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Loader SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (Loader, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (RTF, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 RTF SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
Bonga Online (HKLM-x32\...\{5EE7912E-A076-4AC2-9C73-A9E6B544590C}) (Version: 1.00.0000 - Intenium GmbH)
Brickshooter Egypt (HKLM-x32\...\{9AA179F5-EAE2-4997-B03E-989068643DBF}) (Version: 1.00.0000 - Purplehills)
BudRedhead (HKLM-x32\...\BudRedhead) (Version:  - )
Cake Mania(TM) 2 (HKLM-x32\...\573b2d3215fcadbbae7abed7d5c53b1f) (Version:  - )
Christmasville (HKLM-x32\...\{D178746E-0919-424E-88A7-81A0E46FF03E}) (Version: 1.00.0000 - Purplehills)
Cradle Of Persia (HKLM-x32\...\Cradle Of Persia) (Version:  - )
Cradle Of Rome (HKLM-x32\...\Cradle Of Rome) (Version:  - )
Cursed House 2 (HKLM-x32\...\{FEC2DB77-CEF6-4BBE-BA42-DEF3361FF465}) (Version: 1.00.0000 - Intenium GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Rettungsteam (HKLM-x32\...\Das Rettungsteam) (Version:  - )
Das Rettungsteam 2 (HKLM-x32\...\Das Rettungsteam 2) (Version:  - )
Das Rettungsteam 3 (HKLM-x32\...\Das Rettungsteam 3) (Version:  - )
Das Spukhotel (HKLM-x32\...\Das Spukhotel) (Version:  - )
Deadwood - Ghost Encounters (HKLM-x32\...\Deadwood - Ghost Encounters) (Version:  - )
Delicious - Emily und der Duft des Erfolgs (HKLM-x32\...\{1CB9E217-DAEC-4DA3-8190-C0955D228BBD}) (Version: 1.00.0000 - Intenium GmbH)
Delicious - Emily und die Teeparty (HKLM-x32\...\{A688754B-80D5-409D-82B4-588297A20DCD}) (Version: 1.00.0000 - Intenium GmbH)
Delicious (HKLM-x32\...\{EC4ADD78-64A4-4904-9B94-6033BA72961C}) (Version: 1.00.0000 - Intenium GmbH)
Delicious 2 (HKLM-x32\...\{B1426119-55D7-420D-9FF3-788B34397EF4}) (Version: 1.00.0000 - Intenium GmbH)
Der Exorzist 3 - Geburt der Finsternis (HKLM-x32\...\{5327CAE3-A6EB-40BB-AAB6-3D742939FC65}) (Version: 1.00.0000 - Intenium GmbH)
Der Fluch des Montezuma (HKLM-x32\...\Der Fluch des Montezuma) (Version:  - )
Der Ring des Unheils (HKLM-x32\...\{7D09608E-9371-4843-87F5-AF512CE40A5E}) (Version: 1.00.0000 - Intenium GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\{D2B31FE6-127F-4E79-8186-F080A282FBC7}) (Version: 1.0.0.46 - Intenium GmbH)
Die Chroniken von Emerland - Solitaire (HKLM-x32\...\{1C8FECB1-2265-416D-B7E8-E6D2B51FBAF5}) (Version: 1.00.0000 - Intenium GmbH)
Die Ratten (HKLM-x32\...\{677C8071-C601-41AB-88B6-E196DAC7E2B4}) (Version: 1.00.0000 - Intenium GmbH)
Doggie Dash de (HKLM-x32\...\Doggie Dash_is1) (Version: de - Boonty)
Dropbox (HKU\S-1-5-21-804858186-3083531089-3029207996-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Easy Photo Effects version 2.1 (HKLM-x32\...\{7168A72B-6274-492C-AC00-CCB55188FE8D}_is1) (Version: 2.1 - J. Mintjes)
Eldorado (HKLM-x32\...\{6540D6AD-4218-444D-84EC-E6C85F35EE31}) (Version: 1.00.0000 - Purplehills)
EmoDio (HKLM-x32\...\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 1.0 - SAMSUNG)
EmoDio (x32 Version: 1.0 - SAMSUNG) Hidden
Farm Frenzy - Das antike Rom (HKLM-x32\...\Farm Frenzy - Das antike Rom) (Version:  - )
Farm Frenzy 2 (HKLM-x32\...\d95139c32283ebef7fcf673654b9566d) (Version:  - )
Farm Frenzy 2 (HKLM-x32\...\Farm Frenzy 2) (Version:  - )
Farm Frenzy 3 - Madagaskar (HKLM-x32\...\Farm Frenzy 3 - Madagaskar) (Version:  - )
Farm Frenzy 3 (HKLM-x32\...\Farm Frenzy 3) (Version:  - )
Farm Frenzy 3 American Pie (HKLM-x32\...\Farm Frenzy 3 American Pie) (Version:  - )
Farm Frenzy 3 Ice Age (HKLM-x32\...\Farm Frenzy 3 Ice Age) (Version:  - )
Farm Frenzy 3 Russisches Roulette (HKLM-x32\...\Farm Frenzy 3 Russisches Roulette) (Version:  - )
Farm Frenzy 4 (HKLM-x32\...\Farm Frenzy 4) (Version:  - )
FarmFrenzy (HKLM-x32\...\FarmFrenzy) (Version:  - )
FarmFrenzy Pizza Party (HKLM-x32\...\FarmFrenzy Pizza Party) (Version:  - )
FBI (HKLM-x32\...\{41E21FBD-DE0F-46D9-8B6C-534DD13DBBB6}) (Version: 1.00.0000 - PurpleHills)
Frankenstein (HKLM-x32\...\{610B773E-3183-43D5-B01D-862EFF276B81}) (Version: 1.00.0000 - Ihr Firmenname)
Free YouTube to DVD Converter version 3.1.56.301 (HKLM-x32\...\Free YouTube to DVD Converter_is1) (Version: 3.1.56.301 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.55.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.55.219 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.3 - Ellora Assets Corporation)
Fruit Lockers 2 (HKLM-x32\...\Fruit Lockers 2) (Version:  - )
GameCatalog16.2014 (x32 Version: 1.00.0000 - Intenium GmbH) Hidden
GameCatalog42.2013 (x32 Version: 1.00.0000 - Intenium GmbH) Hidden
Garden Defense(TM) (HKLM-x32\...\1f61e7ec2576786d48806290a053bfc4) (Version:  - )
Garten-Glück 2 (HKLM-x32\...\{1D86FA56-0849-4E87-956F-BAAAC2DD9B95}) (Version: 1.00.0000 - Intenium GmbH)
Gegen die Zeit Box (HKLM-x32\...\Gegen die Zeit Box) (Version:  - )
Ghostville - The Happy Hereafter (HKLM-x32\...\Ghostville - The Happy Hereafter) (Version:  - )
Goldene Jahre - Der weite Westen (HKLM-x32\...\Goldene Jahre - Der weite Westen) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Happy Chef (HKLM-x32\...\Happy Chef) (Version:  - )
Happy Chef 2 (HKLM-x32\...\Happy Chef 2) (Version:  - )
Haus der 1000 Türen - Das Juwel des Zarathustra (HKLM-x32\...\Haus der 1000 Türen - Das Juwel des Zarathustra) (Version:  - )
Hidden World (HKLM-x32\...\Hidden World) (Version:  - )
Hospital Haste (HKLM-x32\...\{D0EB2C6C-377E-4ACA-ADA1-D96FCB149E55}) (Version: 1.00.0000 - PurpleHills)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Jack of all Tribes (HKLM-x32\...\Jack of all Tribes) (Version:  - )
Jane's Hotel Mania (HKLM-x32\...\{5230B53B-F3C3-437E-80B1-9FA5CBDBE5A6}) (Version: 1.00.0000 - PurpleHills)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jos großer Traum - Mein eigenes Cafe (HKLM-x32\...\{80FE8528-2288-495E-9B87-0394166216F9}) (Version: 1.00.0000 - Intenium GmbH)
Juliettes Modeimperium (HKLM-x32\...\Juliettes Modeimperium) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Katy and Bob - Way Back Home (HKLM-x32\...\{7ECB644A-3D31-4790-BC5A-2CD8254E5FA3}) (Version: 1.00.0000 - PurpleHills)
Lawn and Order - Die Gartenprofis (HKLM-x32\...\{75EC1573-2CF6-48EE-9A01-8CB46856E4DC}) (Version: 1.00.0000 - Intenium GmbH)
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
LG CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3325 - CyberLink Corp.)
LG CyberLink Power2Go (x32 Version: 6.2.3325 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815d - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 8.0.2815d - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2130 - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3123 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3123 - CyberLink Corp.) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
LG Power Tools (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
LG Power Tools (x32 Version: 6.0.3316 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Luxor HD (HKLM-x32\...\Luxor HD) (Version: 1.1.0.0 - MumboJumbo)
MAGIX Audio Cleaning Lab 2014 (HKLM-x32\...\MX.{81C1DF9D-FAB5-43F5-A4E7-6ACACECAB87F}) (Version: 20.0.0.32 - MAGIX AG)
MAGIX Audio Cleaning Lab 2014 (Version: 20.0.0.32 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{A8FA97F6-5411-4FEB-97B6-CE2F46697980}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX USB-Videowandler 2 (HKLM-x32\...\{38874054-65D0-45D0-9486-FBEFD42A2251}) (Version: 1.03.0000 - Ihr Firmenname)
MAGIX Video easy Retten Sie Ihre Videokassetten! (HKLM-x32\...\MX.{FBDCB56E-2A25-4053-9E0C-C8E345DE0CA7}) (Version: 5.0.1.104 - MAGIX AG)
MAGIX Video easy Retten Sie Ihre Videokassetten! (Version: 5.0.1.104 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{7547239C-FA8A-4FA4-84A6-31EAC0777E1B}) (Version: 2.7.341 - Sony)
Media Go Network Downloader (HKLM-x32\...\{73FA7631-3015-4EEC-A002-09488C47A07C}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.103.12040 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.103.12040 - Sony)
Megamind (HKLM-x32\...\Megamind) (Version:  - )
Mein Landleben (HKLM-x32\...\Mein Landleben) (Version:  - )
Mein Landleben 2 (HKLM-x32\...\Mein Landleben 2) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 7.1 (HKLM\...\{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}) (Version: 7.10.344.0 - Microsoft)
Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version:  - NCH Software)
Moai - Erschaffe deinen Traum (HKLM-x32\...\{13539438-C4D8-4AE4-9856-7D789F84AE32}) (Version: 1.00.0000 - PurpleHills)
Moonlight Match - Eine zauberhafte Nacht (HKLM-x32\...\{3E99C26B-8FA9-452B-908B-43EA573A3FAF}) (Version: 1.00.0000 - Intenium GmbH)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Kingdom for the Princess (HKLM-x32\...\{A7640CE0-A9A9-424F-B1A6-4E72F0BC74B4}) (Version: 1.00.0000 - PurpleHills)
MyFreeCodec (HKU\S-1-5-21-804858186-3083531089-3029207996-1000\...\MyFreeCodec) (Version:  - )
Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version:  - NCH Software)
NCIS Game (HKLM-x32\...\InstallShield_{1211F510-803E-4FEF-A718-137AAE4DCC59}) (Version: 1.0.0.0 - Ubisoft)
NCIS Game (x32 Version: 1.0.0.0 - Ubisoft) Hidden
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
Nitro Reader 3 (HKLM\...\{31900DA4-6DA2-4ACB-95F8-A683EA837BF4}) (Version: 3.1.1.12 - Nitro)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Paranormal State (HKLM-x32\...\Paranormal State) (Version:  - )
Pazera Free FLV to AVI Converter 1.7 (HKLM-x32\...\{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1) (Version: 1.7 - Pazera Jacek)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Experte 8 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 8.0.0140.0 - Avanquest software)
PDF24 Creator 6.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF2Word Converter Version 1.0.8 (Build 164) (HKLM-x32\...\PDF2Word Converter_is1) (Version: PDF2Word Converter - Version 1.0.8 (Build 164) - bhv Publishing GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Pearl Poppers (HKLM-x32\...\Pearl Poppers) (Version:  - )
Pet Show Craze (HKLM-x32\...\{E00F95BA-DA46-46CC-AEC1-3F5E01202916}) (Version: 1.00.0000 - PurpleHills)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies(TM) (HKLM-x32\...\12389d0863a0588ade0a083ab5270573) (Version:  - )
Profiler (HKLM-x32\...\{164B5A9F-D9BD-4EC3-880E-61A4E6935EEB}) (Version: 1.00.0000 - Purplehills)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Ritter Arthur 3  (HKLM-x32\...\{52F08001-37ED-4168-8E60-7F041A833BB8}) (Version: 1.00.0000 - Intenium GmbH)
Safari Park Afrika Version 1.5 (HKLM-x32\...\{356D5229-7C17-44AF-BF39-9F5A4F07F439}_is1) (Version: 1.5 - Play Publishing)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Sandra Fleming Chronicles - Crystal Skulls (HKLM-x32\...\{CF012B94-62C1-4AA9-AEE8-DBD1E6677950}) (Version: 1.00.0000 - Intenium GmbH)
Schatz der Azteken (HKLM-x32\...\Schatz der Azteken) (Version:  - )
Secret Of Six Seas (HKLM-x32\...\Secret Of Six Seas) (Version:  - )
Secrets of Vatican (HKLM-x32\...\{66B76A83-4B3A-4218-82A4-862E26B745CA}) (Version: 1.00.0000 - Purplehills)
SKIP-BO Castaway Caper (HKLM-x32\...\SKIP-BO Castaway Caper) (Version: 1.00 - phenomedia publishing gmbh)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Songbird 1.9.3 (Build 1959) (HKLM-x32\...\Songbird-release-1959) (Version:  - )
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.1.201312191309 - Sony Mobile Communications AB)
Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
Sonya (HKLM-x32\...\Sonya) (Version:  - )
Sprill (HKLM-x32\...\Sprill) (Version:  - )
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version:  - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Terayon DOCSIS Modem (HKLM-x32\...\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}) (Version:  - )
The Great Mahjongg (HKLM-x32\...\The Great Mahjongg) (Version:  - )
Time Machine (HKLM-x32\...\{9F9D845C-A5F0-423B-9820-240771C7645D}) (Version: 1.00.0000 - Purplehills)
Titanic Mystery (HKLM-x32\...\{4BA54459-7721-4FC4-B22C-E9A75CC89CCF}) (Version: 1.00.0000 - Ihr Firmenname)
True Fear - Verlorene Seelen (HKLM-x32\...\True Fear - Verlorene Seelen) (Version:  - )
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
UPC Fiber Power Optimizer (HKLM-x32\...\UPC Fiber Power Optimizer) (Version:  - UPC Broadband)
UPC Fiber Power Optimizer (x32 Version: 2.0.0.3 - UPC Broadband) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vesuvia (HKLM-x32\...\Vesuvia) (Version:  - )
Virtual DJ - Atomix Productions (HKLM-x32\...\Virtual DJ - Atomix Productions) (Version:  - )
Virtual DJ Home - Atomix Productions (HKLM-x32\...\Virtual DJ Home - Atomix Productions) (Version:  - )
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WarrantyExtension (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Weihnachts-Mahjong (HKLM-x32\...\Weihnachts-Mahjong) (Version:  - )
Weihnachtswunderland 1 (HKLM-x32\...\Weihnachtswunderland 1) (Version:  - )
Weihnachtswunderland 2 (HKLM-x32\...\Weihnachtswunderland 2) (Version:  - )
Weihnachtswunderland 3 (HKLM-x32\...\Weihnachtswunderland 3) (Version:  - )
Where Angels Cry - Göttliche Tränen (HKLM-x32\...\{0B8D450B-5E05-4EFA-8026-59E7548BE741}) (Version: 1.00.0000 - Intenium GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Womens Murder Club - Little Black Lies (HKLM-x32\...\Womens Murder Club - Little Black Lies) (Version:  - )
Youda Jewel Shop (HKLM-x32\...\{CD8C2FC1-48F8-4ED1-B8EB-954B24298CDF}) (Version: 1.00.0000 - PurpleHills)
Youda Survivor (HKLM-x32\...\{E2FDB2BC-B94F-46F3-AD1B-E592814AD77D}) (Version: 1.00.0000 - PurpleHills)
Youda Survivor 2 (HKLM-x32\...\{21C7F5A6-C316-422D-A45F-F2C3ED0E0172}) (Version: 1.00.0000 - PurpleHills)
Zeit der Abenteuer - Der Held in dir (HKLM-x32\...\Zeit der Abenteuer - Der Held in dir) (Version:  - )
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-804858186-3083531089-3029207996-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alice85\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-804858186-3083531089-3029207996-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alice85\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-804858186-3083531089-3029207996-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alice85\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-804858186-3083531089-3029207996-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alice85\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-804858186-3083531089-3029207996-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alice85\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-04-2015 10:39:48 Windows Update
14-04-2015 13:18:30 Windows Update
15-04-2015 19:00:27 Windows Update
21-04-2015 10:23:35 Windows Update
24-04-2015 14:03:46 Windows Update
28-04-2015 08:14:48 Windows Update
01-05-2015 12:15:38 Windows Update
05-05-2015 11:41:01 Windows Update
08-05-2015 14:56:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-14 10:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04A5BCBB-0B73-4AC4-B89E-2A50D91F3B31} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {126D5F4A-79E9-4D37-A432-38AE40DE7305} - System32\Tasks\{7203C894-0300-4099-9A96-6BB6AD916433} => pcalua.exe -a "D:\Treiber\Kabelmodem\Arris\Arris TM602\REMOVE.EXE" -d "D:\Treiber\Kabelmodem\Arris\Arris TM602"
Task: {1799CC03-F6AC-4C83-9C43-BB89575B3535} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkId=116866
Task: {2474129D-3586-4E10-A4BE-0EE3359A2AD6} - System32\Tasks\{444B1392-3400-43E2-8B04-DE9D8810522E} => C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe [2011-07-01] (Koninklijke Philips Electronics N.V.)
Task: {254ACC19-6F23-4065-9F74-8CDFAB633A3C} - System32\Tasks\{F84A2D3B-CF73-4B16-BF98-2C7444058F42} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {265641C5-1E58-4396-80D6-CF59BD5CBA4C} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {30668632-21A6-400D-976E-82F860F405E9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {51201CE4-BB8E-40AC-B982-B7E10AF5A70E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe
Task: {58C30A80-48BD-4139-99FC-64416813DEA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-23] (Adobe Systems Incorporated)
Task: {67204CBF-320D-4A1E-AA49-2C22C3A4FDB9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6ACA3E25-5C8A-4DD7-8F01-358A31972262} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6C3D4726-80DB-436F-80CB-5565004C02CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6C6B3617-D339-4592-A230-1A66541F93B0} - System32\Tasks\Launch HTC Sync Loader => F:\HTC chacha\htcUPCTLoader.exe
Task: {73617B98-B671-48FB-B37A-C3895911FF86} - System32\Tasks\{DC69458A-7770-4214-B357-FEEA27DBFEC2} => C:\Program Files (x86)\Philips\Philips Songbird\Philips-Songbird.exe [2011-07-01] (Koninklijke Philips Electronics N.V.)
Task: {808DC006-F66A-4A22-85C5-C402C4FCED37} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {ADE2CF9C-82D9-4B8E-806F-82FB4C5D5032} - System32\Tasks\NCH Software\WavePadReminder => C:\Program Files (x86)\NCH Software\WavePad\WavePad.exe [2012-07-10] (NCH Software)
Task: {B575A350-185B-43E2-BB63-873F8AC908FC} - System32\Tasks\{CFCCCE1B-EC29-4874-BD8E-53E33D071549} => pcalua.exe -a "F:\Outlook Express\setup50.exe" -d "F:\Outlook Express"
Task: {BB0D4EE2-1C1F-4755-9252-3D64178585E7} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {C87E9CCA-F324-40E2-B9A9-DB65FF13A46C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {C9EB14A1-89AF-4C1E-81F5-AC3C303474F7} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {CBF14A67-0B18-4B41-AF71-E4CAE3C8863D} - System32\Tasks\{C5753BF7-3744-43D8-8C4D-51DEEADC5D6A} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe" -c -runfromtemp -l0x0007
Task: {D1DBBE7E-75B3-492D-A695-5625584A549A} - System32\Tasks\{1C183399-6C31-48DA-8DD1-D9514604CAC0} => pcalua.exe -a "D:\Treiber\UPC Fiber Power Optimizer installation.exe" -d D:\Treiber
Task: {DAF758FF-3516-435C-94A4-8670078A7CDD} - System32\Tasks\{AFBF34F0-6481-4778-8EBB-C89A43D8EA6A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {DE2F0FC7-F3F9-4238-9FA3-140200CBD400} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {E8AD38AD-56BA-4DEF-AF5E-6BD6AA0AD8E8} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverDocRunAtStartup.job => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe
Task: C:\Windows\Tasks\FaxApplications.exe_{FB30AF0F-6126-405D-A859-E18CB77DB3E4}.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe
Task: C:\Windows\Tasks\HP AR Program Upload - 19cdcc3d56c94515a8b6beec7cc9694cb1fbfa5bb14f4a55bbe8f9c8d77a02bf.job => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exeT-N 19cdcc3d56c94515a8b6beec7cc9694cb1fbfa5bb14f4a55bbe8f9c8d77a02bf -mode Scheduled
RunDLL32.exe
Task: C:\Windows\Tasks\HP AR Program Upload - 26d9bcf7d94b4426b5f484e2fa6e854170bc43760c3246279c403f8e239db6a2.job => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exeT-N 26d9bcf7d94b4426b5f484e2fa6e854170bc43760c3246279c403f8e239db6a2 -mode Scheduled
RunDLL32.exe
Task: C:\Windows\Tasks\HP Officejet 4620 series.exe_{EB8E82E8-A902-452A-8211-4EAA955FF8CF}.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\HP Officejet 4620 series.exe-install -prfn HP Officejet 4620 series -ePCUrl https:/h30495.www3.hp.com
Task: C:\Windows\Tasks\HPCustPartic.exe_{311E4CFB-0E50-47A8-BBBB-83CFE6FD8C36}.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
Task: C:\Windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe
Task: C:\Windows\Tasks\Toolbox.exe_{2D8CB0C7-DEB9-4399-B998-F53FD417590E}.job => C:\Program Files\HP\HP Officejet 4620 series\Bin\Toolbox.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-14 11:45 - 2011-10-04 23:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2006-09-19 09:07 - 2006-09-19 09:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2011-07-22 18:40 - 2009-04-15 16:56 - 00271760 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2014-06-03 20:25 - 2012-04-23 14:45 - 01186816 _____ () F:\meine Programme usw\PDF Experte Professional 8\TMSlite160.bpl
2014-06-03 20:25 - 2012-04-11 19:06 - 00087552 _____ () F:\meine Programme usw\PDF Experte Professional 8\vspropsaver160.bpl
2014-06-03 20:25 - 2012-04-11 19:06 - 02478080 _____ () F:\meine Programme usw\PDF Experte Professional 8\vsvector160.bpl
2014-06-03 20:25 - 2012-04-23 14:45 - 04681216 _____ () F:\meine Programme usw\PDF Experte Professional 8\vspdfcore160.bpl
2014-06-03 20:24 - 2012-04-23 14:45 - 02693120 _____ () F:\meine Programme usw\PDF Experte Professional 8\BBlite160.bpl
2014-06-03 20:25 - 2012-04-23 14:45 - 00025088 _____ () F:\meine Programme usw\PDF Experte Professional 8\vstrees160.bpl
2014-06-03 20:25 - 2012-04-23 14:45 - 00064512 _____ () F:\meine Programme usw\PDF Experte Professional 8\vsprinters160.bpl
2014-06-03 20:25 - 2012-04-11 19:06 - 00064512 _____ () F:\meine Programme usw\PDF Experte Professional 8\vspdfprinter160.bpl
2014-06-03 20:24 - 2011-09-30 18:10 - 00684032 _____ () F:\meine Programme usw\PDF Experte Professional 8\js32.dll
2014-06-03 20:24 - 2012-04-23 14:45 - 00097280 _____ () F:\meine Programme usw\PDF Experte Professional 8\expertpdfcore160.bpl
2014-06-03 20:25 - 2012-04-11 19:06 - 02253824 _____ () F:\meine Programme usw\PDF Experte Professional 8\PKIECtrl160.bpl
2014-06-03 20:25 - 2012-04-23 14:45 - 00517120 _____ () F:\meine Programme usw\PDF Experte Professional 8\vspdfeditor160.bpl
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-04-20 01:42 - 2014-10-10 18:34 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:195E9213

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alice85\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\Windows\pss\Nikon Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Alice85^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: dlmMgr => "C:\Program Files (x86)\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PDFPrint => F:\meine Programme usw\PDF Creator\PDF24\pdf24.exe
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: Philips Device Listener => "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: SMSTray => C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{0465E675-FD67-40E3-8E42-E5885D7224E5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A6D16636-8BD3-439C-A26F-F147949CBB2F}] => (Allow) svchost.exe
FirewallRules: [{F9E2CC25-8236-4860-8FF6-3E926C8C44A0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{949866E0-E4B9-4C07-8025-F3AE90CACE10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0ECA80E1-47CC-4A38-8A71-64C85AEA3575}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{F2F6BD92-9ADE-49AE-A683-C58FB59E1491}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1078EA49-FB67-42DA-8B0A-53C894E8A97F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E21705E5-2928-488D-A92E-9CDB7D57765F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{635B5E13-08BD-4F3D-A055-A8AEC819EC28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{72E7FE90-3CA1-4939-85E2-60F936A44DB5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{42A4F48B-81F2-4CDB-9FE4-CF7E3017E08B}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{182FF713-90AA-4292-852E-C02C85C789AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B95A9D49-CA4C-4533-9D4D-99F83081F0B9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{92BAF924-3326-48BC-A67D-E170BE7BBFB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{17DC13AF-FD7F-4248-865D-60C2F005C55C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{7F9D64E9-62A2-47F2-BCF7-ADA054487AD2}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CAA28801-31EC-48FC-B4AE-24FF236055A4}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{BDC28009-5F60-4E77-AEC5-961F3C90B586}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E3CF74E4-E67B-42AC-8D0A-E124284AAD98}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{2FD3C474-89E4-491F-80C3-4AEA268920AA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{A2742232-2F07-4267-B51E-60474DD0F8EC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{0F4F24FD-B03A-4C83-ABB7-C1583A0617A0}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{BA413718-1F88-4A9B-A878-DE13F9A57C7A}] => (Allow) C:\Users\Alice85\Downloads\Facemoods(1).exe
FirewallRules: [{7ECD0B9B-B90B-4F21-AD1E-A0DFC27E0E36}] => (Allow) C:\Users\Alice85\Downloads\Facemoods(1).exe
FirewallRules: [{DEA4DC1C-7C0B-4EA1-A0ED-E1BC43295A26}] => (Allow) C:\Program Files (x86)\UPC Austria\Install Master\UPC_Install_Master.exe
FirewallRules: [{09087F52-DB86-4C7C-915D-8F4F1BFAD5D9}] => (Allow) C:\Program Files (x86)\UPC Austria\Install Master\UPC_Install_Master.exe
FirewallRules: [{659800E9-548A-46EA-B4D8-A9CB1CFC7E21}] => (Allow) F:\meine Programme usw\support\UpdateLauncher\gu.exe
FirewallRules: [{CE502EA3-2C2F-48FA-96DC-111902D7226B}] => (Allow) F:\meine Programme usw\support\UpdateLauncher\gu.exe
FirewallRules: [{EEB14AD8-6825-4EFF-AF7F-0EAC18ECC7CB}] => (Allow) F:\meine Programme usw\NCIS.exe
FirewallRules: [{654C7C66-64EA-47A6-BF79-15F9691DA0E7}] => (Allow) F:\meine Programme usw\NCIS.exe
FirewallRules: [{7C7C2F7E-ED59-4891-801A-DED8F84777AA}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{7232ED24-D4C6-46C7-8198-B35D7AFFE6D8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{AA572C81-53A8-4F61-A325-96F4B3B3E00F}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{048FA957-4369-48AC-A9C5-E3055984555F}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{462B077B-F4AB-432F-BE36-F1CD4B1FB97F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{43B605B0-1E8F-46F0-9FCB-B02411FC0E7A}] => (Allow) LPort=2869
FirewallRules: [{7994B691-C12B-4252-AAB3-F1962D075CD5}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{D41F98BE-2C8C-41D5-9DC4-E5CA608F9C9D}C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{65B65A1D-D719-4D06-A76D-1C62318B33FE}C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{FFF916D3-D637-4281-8B2C-7D72875B8E2F}C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{ECE12054-F1FC-4B6B-83E0-B354C336B10E}C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\Alice85\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{80EE55B8-6C36-4230-894F-A5B4686D2D29}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{23163679-2B3C-4AB4-A0C3-81890D70A06F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0B9D6CE8-E94F-4D37-923F-D45A22ABAFAF}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{551544BF-F9E8-4FAB-92B3-42E89993B354}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{5B17714B-A018-4907-94C5-BF3DA71EEE26}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe
FirewallRules: [{6BB06BE4-C1F9-4A31-9697-E6052FF2C6C5}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{EA6EB547-CA2F-46D1-AEDD-FE99F79EDCAC}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe
FirewallRules: [{62BD5A89-D63C-4CD2-8546-45709986CF0F}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{B98E0B18-87AB-45D4-9F6A-BC2968336AF0}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C0224960-3D60-4C0C-B52F-EFC98E952DEE}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0E63073D-C6B2-445D-AF1D-2DD0E42A3E69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7B5A894-D52C-4E42-A1E6-8DEBB89740C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D0D8E65-B8D2-4191-A4F2-682B5A5C0DE5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7E0FA93E-8B10-4B27-8D8F-505E3EFC2BA5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{13861D71-7D81-44F3-9355-D889AED58729}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{84EBA440-0659-49B6-8F5F-4F7E04C04B7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2015 07:19:52 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Malwarebytes Anti-Malware wurde wegen dieses Fehlers geschlossen.

Programm: Malwarebytes Anti-Malware
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000098
Datenträgertyp: 0

Error: (05/06/2015 07:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0005b405
ID des fehlerhaften Prozesses: 0xc28
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (05/01/2015 04:23:30 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Malwarebytes Anti-Malware wurde wegen dieses Fehlers geschlossen.

Programm: Malwarebytes Anti-Malware
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000098
Datenträgertyp: 0

Error: (05/01/2015 04:23:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.8.4.0, Zeitstempel: 0x51352df8
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0017b8a4
ID des fehlerhaften Prozesses: 0x8e4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (04/29/2015 05:29:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x4e54bc0f
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x4e54bc0f
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000fb0d8
ID des fehlerhaften Prozesses: 0x1830
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23

Error: (04/29/2015 05:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x4e54bc0f
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x4e54bc0f
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000fb0d8
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23

Error: (04/29/2015 05:27:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x4e54bc0f
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x4e54bc0f
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000fb0d8
ID des fehlerhaften Prozesses: 0x1350
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23

Error: (04/22/2015 04:50:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 7.3.59.101 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 24c

Startzeit: 01d07d02467898e8

Endzeit: 6

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID: f36092bf-e8fe-11e4-b74a-7071bcb00480

Error: (04/20/2015 05:44:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Katy + Bob.exe, Version: 1.0.1.10, Zeitstempel: 0x4fcd2191
Name des fehlerhaften Moduls: Katy + Bob.exe, Version: 1.0.1.10, Zeitstempel: 0x4fcd2191
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e7b1
ID des fehlerhaften Prozesses: 0x848
Startzeit der fehlerhaften Anwendung: 0xKaty + Bob.exe0
Pfad der fehlerhaften Anwendung: Katy + Bob.exe1
Pfad des fehlerhaften Moduls: Katy + Bob.exe2
Berichtskennung: Katy + Bob.exe3

Error: (04/20/2015 00:10:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd018
Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.9600.16428, Zeitstempel: 0x525b8c45
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000010dc2
ID des fehlerhaften Prozesses: 0x5f8
Startzeit der fehlerhaften Anwendung: 0xwmprph.exe0
Pfad der fehlerhaften Anwendung: wmprph.exe1
Pfad des fehlerhaften Moduls: wmprph.exe2
Berichtskennung: wmprph.exe3


System errors:
=============
Error: (05/08/2015 02:50:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/08/2015 02:50:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht.

Error: (05/08/2015 02:49:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/08/2015 02:49:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/08/2015 06:31:21 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (05/08/2015 06:30:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/08/2015 06:30:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/07/2015 07:18:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/07/2015 07:18:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/07/2015 07:18:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (03/30/2015 07:46:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20032 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (03/30/2015 06:57:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17449 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (05/19/2013 00:28:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 618 seconds with 540 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-23 12:44:51.686
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:44:51.683
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:49.312
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:49.310
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:44.048
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:43.871
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:43.720
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:43.672
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:23.705
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 12:43:23.622
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 6103.12 MB
Available physical RAM: 4052.87 MB
Total Pagefile: 12204.43 MB
Available Pagefile: 9805.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1396.72 GB) (Free:1186.12 GB) NTFS
Drive f: (Transcend) (Fixed) (Total:298.02 GB) (Free:151.53 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: BE5B3ECE)
Partition 1: (Active) - (Size=552 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 637A0980)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

==================== End Of Log ============================

schrauber 09.05.2015 16:30
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Alice85 09.05.2015 17:20
Ich habe vergessen Kaspersky auszuschalten. Da hat eben Combofix gemeckert. Nach abschalten gings.

Die Datei:

Code:
ComboFix 15-05-09.01 - Alice85 09.05.2015  18:04:16.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.6103.4051 [GMT 2:00]
ausgeführt von:: c:\users\Alice85\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-04-09 bis 2015-05-09  ))))))))))))))))))))))))))))))
.
.
2015-05-09 16:11 . 2015-05-09 16:11        --------        d-----w-        c:\users\Public\AppData\Local\temp
2015-05-09 16:11 . 2015-05-09 16:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-05-09 14:27 . 2015-05-09 14:27        --------        d-----w-        c:\users\Alice85\AppData\Roaming\Goblinz
2015-05-08 12:57 . 2015-04-04 06:25        12032440        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D827252C-9093-48D6-8117-760729383763}\mpengine.dll
2015-04-15 18:23 . 2015-04-15 18:23        --------        d-----w-        c:\windows\system32\appraiser
2015-04-15 06:52 . 2015-03-17 05:22        5557696        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-04-15 06:50 . 2015-03-04 04:55        367552        ----a-w-        c:\windows\system32\clfs.sys
2015-04-15 06:50 . 2015-03-04 04:41        79360        ----a-w-        c:\windows\system32\clfsw32.dll
2015-04-15 06:50 . 2015-03-04 04:10        58880        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-04-13 17:06 . 2015-04-16 19:45        129752        ----a-w-        c:\windows\system32\drivers\13141507.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-09 13:18 . 2014-11-16 10:27        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-23 14:44 . 2014-06-19 12:07        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-23 14:44 . 2014-06-19 12:07        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 17:05 . 2010-12-19 08:50        128913832        ----a-w-        c:\windows\system32\MRT.exe
2015-04-14 07:37 . 2014-11-16 10:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-11-16 10:26        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-11-16 10:26        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-03-17 04:56 . 2015-04-15 06:52        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-02-26 09:35 . 2015-02-24 18:23        129752        ----a-w-        c:\windows\system32\drivers\549129BF.sys
2015-02-26 03:25 . 2015-03-12 17:59        3204096        ----a-w-        c:\windows\system32\win32k.sys
2015-02-24 02:17 . 2010-12-10 21:36        295552        ------w-        c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-12 18:00        41984        ----a-w-        c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-12 18:00        100864        ----a-w-        c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-12 18:00        14336        ----a-w-        c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-12 18:00        46080        ----a-w-        c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-12 18:00        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-12 18:00        10240        ----a-w-        c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-12 18:00        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-12 18:00        25600        ----a-w-        c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-12 18:00        372224        ----a-w-        c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-12 18:00        299008        ----a-w-        c:\windows\SysWow64\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-12 17:57        14177280        ----a-w-        c:\windows\system32\shell32.dll
2015-02-09 16:40 . 2015-02-08 11:45        129752        ----a-w-        c:\windows\system32\drivers\256016EC.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2015-02-19 18:14        297128        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"vspdfprsrv.exe"="f:\meine programme usw\PDF Experte Professional 8\vspdfprsrv.exe" [2012-04-23 6078464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\Alice85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" /nogui
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe;c:\program files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 REMOVE;REMOVE;c:\windows\SysWOW64\drivers\REMOVE.SYS;c:\windows\SysWOW64\drivers\REMOVE.SYS [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys;c:\windows\SYSNATIVE\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdm.sys [x]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssceserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;f:\meine programme usw\Video_Downloader\Freemake\CaptureLib\CaptureLibService.exe;f:\meine programme usw\Video_Downloader\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 MBAMScheduler;MBAMScheduler;f:\meine programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe;f:\meine programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;f:\meine programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe;f:\meine programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys;c:\windows\SYSNATIVE\DRIVERS\point64k.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-23 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48]
.
2015-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-19 14:44]
.
2014-03-08 c:\windows\Tasks\FaxApplications.exe_{FB30AF0F-6126-405D-A859-E18CB77DB3E4}.job
- c:\program files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe [2012-10-17 03:34]
.
2015-02-04 c:\windows\Tasks\HP AR Program Upload - 19cdcc3d56c94515a8b6beec7cc9694cb1fbfa5bb14f4a55bbe8f9c8d77a02bf.job
- c:\program files\HP\HP Officejet 4620 series\bin\HPRewards.exe [2012-10-17 03:42]
.
2015-03-18 c:\windows\Tasks\HP AR Program Upload - 26d9bcf7d94b4426b5f484e2fa6e854170bc43760c3246279c403f8e239db6a2.job
- c:\program files\HP\HP Officejet 4620 series\bin\HPRewards.exe [2012-10-17 03:42]
.
2014-03-08 c:\windows\Tasks\HP Officejet 4620 series.exe_{EB8E82E8-A902-452A-8211-4EAA955FF8CF}.job
- c:\program files\HP\HP Officejet 4620 series\Bin\HP Officejet 4620 series.exe [2012-10-17 03:40]
.
2014-03-08 c:\windows\Tasks\HPCustPartic.exe_{311E4CFB-0E50-47A8-BBBB-83CFE6FD8C36}.job
- c:\program files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17 03:34]
.
2014-05-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:46]
.
2014-03-08 c:\windows\Tasks\Toolbox.exe_{2D8CB0C7-DEB9-4399-B998-F53FD417590E}.job
- c:\program files\HP\HP Officejet 4620 series\Bin\Toolbox.exe [2012-10-17 03:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2015-02-19 13:26        357376        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-18 10134560]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.orf.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = www.google.com
IE: Free YouTube Download - c:\users\Alice85\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\ie_banner_deny.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.orf.at/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-12-10 21:29; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-07-22 06:46; firejump@firejump.net; c:\users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\extensions\firejump@firejump.net
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
FF - user.js: plugin.state.anti_banner_native_proxy - 2
FF - user.js: plugin.state.url_advisor - 2
FF - user.js: network.http.spdy.enabled - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
AddRemove-12389d0863a0588ade0a083ab5270573 - c:\program files (x86)\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-1f61e7ec2576786d48806290a053bfc4 - c:\program files (x86)\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-573b2d3215fcadbbae7abed7d5c53b1f - c:\program files (x86)\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-Airline Mania - f:\meinep~1\SPIELE\AIRLIN~1\AIRLIN~1\UNWISE.EXE
AddRemove-AmazingMahjongg3D - f:\meinep~1\SPIELE\AMAZIN~1\UNWISE.EXE
AddRemove-Amulet of Time - f:\meinep~1\SPIELE\AMULET~1\UNWISE.EXE
AddRemove-Cradle Of Persia - f:\meinep~1\SPIELE\CRADLE~2\UNWISE.EXE
AddRemove-Cradle Of Rome - f:\meinep~1\SPIELE\CRADLE~1\UNWISE.EXE
AddRemove-d95139c32283ebef7fcf673654b9566d - c:\program files (x86)\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-Das Rettungsteam - f:\meinep~1\SPIELE\DASRET~1\UNWISE.EXE
AddRemove-Das Rettungsteam 2 - f:\meinep~1\SPIELE\DASRET~2\UNWISE.EXE
AddRemove-Das Rettungsteam 3 - f:\meinep~1\SPIELE\DASRET~3\UNWISE.EXE
AddRemove-Deadwood - Ghost Encounters - f:\meinep~1\SPIELE\DEADWO~1\UNWISE.EXE
AddRemove-Farm Frenzy - Das antike Rom - f:\meinep~1\SPIELE\FARMFR~3\UNWISE.EXE
AddRemove-Farm Frenzy 2 - f:\meinep~1\SPIELE\FARMFR~1\UNWISE.EXE
AddRemove-Farm Frenzy 3 - f:\meinep~1\SPIELE\FA3C3B~1\UNWISE.EXE
AddRemove-Farm Frenzy 3 - Madagaskar - f:\meinep~1\SPIELE\FARMFR~4\UNWISE.EXE
AddRemove-Farm Frenzy 3 American Pie - f:\meinep~1\SPIELE\FAE59A~1\UNWISE.EXE
AddRemove-Farm Frenzy 3 Ice Age - f:\meinep~1\SPIELE\FA3742~1\UNWISE.EXE
AddRemove-Farm Frenzy 3 Russisches Roulette - f:\meinep~1\SPIELE\FAFCD6~1\UNWISE.EXE
AddRemove-Farm Frenzy 4 - f:\meinep~1\SPIELE\FA52DC~1\UNWISE.EXE
AddRemove-FarmFrenzy - f:\meinep~1\SPIELE\FARMFR~2\UNWISE.EXE
AddRemove-FarmFrenzy Pizza Party - f:\meinep~1\SPIELE\FAE48F~1\UNWISE.EXE
AddRemove-Gegen die Zeit Box - f:\meine programme usw\Spiele\Uninstal.exe
AddRemove-Ghostville - The Happy Hereafter - f:\meinep~1\SPIELE\GHOSTV~1\UNWISE.EXE
AddRemove-Happy Chef - f:\meinep~1\SPIELE\HAPPYC~2\UNWISE.EXE
AddRemove-Happy Chef 2 - f:\meinep~1\SPIELE\HAPPYC~1\HAPPYC~1\UNWISE.EXE
AddRemove-Haus der 1000 Türen - Das Juwel des Zarathustra - f:\meinep~1\SPIELE\HAUSDE~1\UNWISE.EXE
AddRemove-Luxor HD - f:\meine programme usw\Spiele\MumboJumbo\Luxor HD\uninstall.exe
AddRemove-Paranormal State - f:\meinep~1\SPIELE\PARANO~1\UNWISE.EXE
AddRemove-Pearl Poppers - f:\meinep~1\SPIELE\PEARLP~1\UNWISE.EXE
AddRemove-Schatz der Azteken - f:\meinep~1\SPIELE\SCHATZ~1\UNWISE.EXE
AddRemove-SKIP-BO Castaway Caper - f:\meine programme usw\Spiele\SKIP-BO Castaway Caper\de\uninst.exe
AddRemove-Sonya - f:\meinep~1\SPIELE\SONYA\UNWISE.EXE
AddRemove-The Great Mahjongg - f:\meinep~1\SPIELE\THEGRE~1\UNWISE.EXE
AddRemove-True Fear - Verlorene Seelen - f:\meinep~1\TRUEFE~1\UNWISE.EXE
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Weihnachts-Mahjong - f:\meinep~1\SPIELE\WEIHNA~4\UNWISE.EXE
AddRemove-Weihnachtswunderland 1 - f:\meinep~1\SPIELE\WEIHNA~1\UNWISE.EXE
AddRemove-Weihnachtswunderland 2 - f:\meinep~1\SPIELE\WEIHNA~2\UNWISE.EXE
AddRemove-Weihnachtswunderland 3 - f:\meinep~1\SPIELE\WEIHNA~3\UNWISE.EXE
AddRemove-Zeit der Abenteuer - Der Held in dir - f:\meinep~1\SPIELE\ZEITDE~1\ZEITDE~1\UNWISE.EXE
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-09  18:13:22
ComboFix-quarantined-files.txt  2015-05-09 16:13
.
Vor Suchlauf: 17 Verzeichnis(se), 1.273.496.330.240 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 1.273.371.774.976 Bytes frei
.
- - End Of File - - C7080158D2778E96281CDA4D780367F4
A36C5E4F47E84449FF07ED3517B43A31
Danke sehr, dass du mir hilfst
Gruß
Alice85

schrauber 10.05.2015 06:44
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Alice85 10.05.2015 14:13
Also:

Malwarebytes Anti-Malware

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.05.2015
Suchlauf-Zeit: 14:19:32
Logdatei: Anti Malware Datei.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.10.03
Rootkit Datenbank: v2015.04.21.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Doro

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 398389
Verstrichene Zeit: 19 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
und:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 10.05.2015 13:52:22, SYSTEM, Alice85-PC, Protection, Malware Protection, Starting,
Protection, 10.05.2015 13:52:22, SYSTEM, Alice85-PC, Protection, Malware Protection, Started,
Protection, 10.05.2015 13:52:22, SYSTEM, Alice85-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 13:52:38, SYSTEM, Alice85-PC, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 14:19:31, SYSTEM, Alice85-PC, Manual, Malware Database, 2015.5.9.4, 2015.5.10.3,
Protection, 10.05.2015 14:19:31, SYSTEM, Alice85-PC, Protection, Refresh, Starting,
Protection, 10.05.2015 14:19:31, SYSTEM, Alice85-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 14:19:31, SYSTEM, Alice85-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 14:19:36, SYSTEM, Alice85-PC, Protection, Refresh, Success,
Protection, 10.05.2015 14:19:36, SYSTEM, Alice85-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 14:19:36, SYSTEM, Alice85-PC, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 14:38:45, SYSTEM, Alice85-PC, Manual, Start: 10.05.2015 14:19:32, Dauer: 19 Minuten 13 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,

(end)
Dann AdwCleaner

Code:
# AdwCleaner v4.203 - Bericht erstellt 10/05/2015 um 14:44:37
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-09.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Alice85 - Alice85-PC
# Gestarted von : F:\meine Programme usw\Anti-Malware\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Program Files (x86)\SiteLookup
Ordner Gelöscht : C:\Users\Alice85\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Alice85\AppData\Roaming\RHEng
Datei Gelöscht : C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKU\.DEFAULT\Software\APN
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Ask.com
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B8713814E4D47A84297554B49AA067E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [16694 Bytes] - [10/05/2015 14:42:51]
AdwCleaner[S0].txt - [16200 Bytes] - [10/05/2015 14:44:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16260  Bytes] ##########
Dann Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Home Premium x64
Ran by Alice85 on 10.05.2015 at 14:54:49,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Classes\TypeLib\{006ad7b2-968a-11de-88c9-5bde55d89593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Alice85\AppData\Roaming\mozilla\firefox\profiles\g6092t0x.default\minidumps [64 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.05.2015 at 14:59:08,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und zum Schluss


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Alice85 (administrator) on Alice85-PC on 10-05-2015 15:07:10
Running from F:\meine Programme usw\Anti-Malware\FRST
Loaded Profiles: Alice85 (Available profiles: Alice85)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(SteelWerX) C:\ComboFix\swxcacls.3XE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-18] (Realtek Semiconductor)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2320752 2009-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [vspdfprsrv.exe] => F:\meine Programme usw\PDF Experte Professional 8\vspdfprsrv.exe [6078464 2012-04-23] (Visagesoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Alice85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-21]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-804858186-3083531089-3029207996-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?rd=1&ucc=AT&dcc=AT&opt=0&ocid=iehp
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-804858186-3083531089-3029207996-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-10] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-16] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.orf.at/
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-16] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-01-14] (Nitro PDF)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-804858186-3083531089-3029207996-1000: sony.com/MediaGoDetector -> F:\meine Programme usw\Handy Programm\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-804858186-3083531089-3029207996-1000\FireFox\user.js [2014-08-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPAdbESD.dll [2006-10-03] (Adobe Systems Incorporated)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-21]
FF Extension: Adblock Plus - C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-23]

Chrome:
=======
CHR Profile: C:\Users\Alice85\AppData\Local\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
S2 FreemakeVideoCapture; F:\meine Programme usw\Video_Downloader\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-02-10] (Ellora Assets Corp.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-01-14] (Nitro PDF Software)
S2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-09-30] (GEAR Software Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-30] (GFI Software)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-10] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [129024 2010-12-21] (MCCI Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 REMOVE; \??\C:\Windows\SysWOW64\drivers\REMOVE.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 15:06 - 2015-05-10 15:06 - 00000000 ___SD () C:\ComboFix
2015-05-10 14:59 - 2015-05-10 15:05 - 00000988 _____ () C:\Users\Alice85\Desktop\JRT.txt
2015-05-10 14:54 - 2015-05-10 14:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-Alice85-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-10 14:54 - 2015-05-10 14:54 - 00000000 ____D () C:\RegBackup
2015-05-10 14:49 - 2015-05-10 14:49 - 00016668 _____ () C:\Users\Alice85\Desktop\AdwCleaner[S0].txt
2015-05-10 14:42 - 2015-05-10 14:44 - 00000000 ____D () C:\AdwCleaner
2015-05-10 14:40 - 2015-05-10 14:40 - 00001329 _____ () C:\Users\Alice85\Desktop\Anti Malware Datei2.txt
2015-05-10 14:39 - 2015-05-10 14:39 - 00001213 _____ () C:\Users\Alice85\Desktop\Anti Malware Datei.txt
2015-05-09 18:13 - 2015-05-09 18:13 - 00028378 _____ () C:\ComboFix.txt
2015-05-09 18:01 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-09 18:01 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-09 18:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-09 18:00 - 2015-05-10 15:06 - 00000000 ____D () C:\Qoobox
2015-05-09 17:59 - 2015-05-09 17:59 - 05623215 ____R (Swearware) C:\Users\Alice85\Desktop\ComboFix.exe
2015-05-09 16:27 - 2015-05-09 16:27 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Goblinz
2015-05-08 20:06 - 2015-05-08 20:07 - 00065596 _____ () C:\Users\Alice85\Desktop\Addition.txt
2015-05-08 20:02 - 2015-05-08 20:06 - 00053720 _____ () C:\Users\Alice85\Desktop\FRST.txt
2015-04-29 11:39 - 2015-04-29 11:39 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-29 11:39 - 2015-04-29 11:39 - 00000966 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-25 18:56 - 2015-04-25 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 20:23 - 2015-04-15 20:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:53 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:53 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:53 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:53 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 08:53 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 08:53 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 08:53 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 08:53 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 08:53 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 08:53 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 08:53 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 08:53 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 08:53 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:53 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 08:53 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 08:52 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 08:52 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 08:52 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 08:52 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 08:52 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 08:52 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 08:52 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 08:52 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 08:52 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 08:52 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 08:52 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 08:52 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 08:52 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 08:52 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 08:52 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 08:52 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 08:52 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 08:52 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 08:52 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 08:52 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 08:52 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 08:52 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 08:52 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 08:52 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 08:52 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 08:52 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 08:52 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 08:52 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 08:52 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:52 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:52 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 08:52 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 08:52 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:52 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:52 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 08:52 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:52 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 08:52 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:52 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 08:52 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:52 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:52 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 08:52 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 08:52 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:52 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 08:52 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 08:52 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 08:52 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:52 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 08:52 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 08:52 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 08:52 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 08:52 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 08:52 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 08:52 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:52 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 08:52 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:52 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 08:52 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 08:52 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 08:52 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 08:52 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 08:52 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 08:52 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 08:52 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:52 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 08:52 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:52 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 08:52 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 08:52 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:52 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 08:52 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 08:52 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 08:52 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 08:52 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:52 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 08:52 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 08:52 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 08:52 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 08:52 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:52 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 08:52 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 08:52 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 08:52 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 08:52 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 08:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 19:06 - 2015-04-16 21:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\13141507.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 15:07 - 2014-11-12 11:46 - 00000000 ____D () C:\FRST
2015-05-10 14:54 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 14:54 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 14:47 - 2014-11-16 12:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 14:47 - 2014-05-31 09:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-10 14:46 - 2013-10-15 04:59 - 00056809 _____ () C:\Windows\setupact.log
2015-05-10 14:45 - 2010-10-07 09:03 - 01681014 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 13:51 - 2010-12-12 11:29 - 00463488 _____ () C:\Windows\PFRO.log
2015-05-09 18:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-08 19:09 - 2014-11-16 12:27 - 00001025 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 19:09 - 2014-11-16 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-07 19:27 - 2009-07-14 19:58 - 00702374 _____ () C:\Windows\system32\perfh007.dat
2015-05-07 19:27 - 2009-07-14 19:58 - 00150454 _____ () C:\Windows\system32\perfc007.dat
2015-05-07 19:27 - 2009-07-14 07:13 - 01628736 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-07 17:27 - 2012-10-15 20:54 - 00000000 ___RD () C:\Users\Alice85\Dropbox
2015-05-07 17:26 - 2012-10-15 20:48 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Dropbox
2015-04-30 12:18 - 2009-07-14 06:45 - 00516936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-29 21:03 - 2010-12-12 01:04 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Skype
2015-04-29 17:16 - 2010-10-11 08:58 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-29 11:53 - 2010-12-10 21:59 - 00158744 _____ () C:\Users\Alice85\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 11:40 - 2011-08-27 22:00 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-26 12:20 - 2013-06-14 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-23 21:23 - 2014-09-20 20:17 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-04-23 17:07 - 2012-10-15 20:54 - 00001021 _____ () C:\Users\Alice85\Desktop\Dropbox.lnk
2015-04-23 17:07 - 2012-10-15 20:51 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 16:44 - 2014-06-19 14:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-23 16:44 - 2014-06-19 14:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-23 16:44 - 2014-06-19 14:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-18 11:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2015-04-15 20:23 - 2014-05-06 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:14 - 2010-12-11 23:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 19:13 - 2012-12-23 19:47 - 01602080 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 19:10 - 2013-08-15 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 19:05 - 2010-12-19 10:50 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 09:37 - 2014-11-16 12:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-16 12:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-16 12:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-09-21 15:53 - 2014-09-21 15:53 - 0001239 _____ () C:\Users\Alice85\AppData\Roaming\settings.xml
2010-12-12 01:16 - 2010-12-12 01:16 - 0033134 _____ () C:\Users\Alice85\AppData\Roaming\UserTile.png
2011-09-20 17:48 - 2011-09-20 17:48 - 0000576 _____ () C:\Users\Alice85\AppData\Local\45D86D82.il
2012-05-27 18:24 - 2013-09-22 07:34 - 0006144 _____ () C:\Users\Alice85\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-20 17:48 - 2011-09-20 17:48 - 0000280 _____ () C:\Users\Alice85\AppData\Local\IndexIE_45D86D82.il
2014-06-07 21:22 - 2014-06-07 21:22 - 0000884 _____ () C:\Users\Alice85\AppData\Local\recently-used.xbel
2014-03-08 10:47 - 2014-03-08 10:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-12 01:05 - 2010-12-12 01:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-12-10 22:24 - 2014-03-08 10:19 - 0014202 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Alice85\AppData\Local\Temp\Quarantine.exe
C:\Users\Alice85\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-15 13:38

==================== End Of Log ============================
--- --- ---

Alice85 10.05.2015 19:50
Liste der Anhänge anzeigen (Anzahl: 1)
PROBLEM

ich kann plötzlich keinen Link mehr in einer Mail anklicken. Kriege immer folgende Fehlermeldung:

Alice85 11.05.2015 09:23
Was auch immer passiert ist. Die Fehlermeldung ist weg und ich kann wieder alle Links öffnen...

schrauber 12.05.2015 06:32

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Alice85 13.05.2015 16:14
Security Check

Code:
Results of screen317's Security Check version 1.001 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities Language Pack (de-DE)
 Java 7 Update 67 
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox (37.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avp.exe 
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avpui.exe 
 Anti-Malware Malwarebytes Anti-Malware Malwarebytes Anti-Malware mbamscheduler.exe
 Anti-Malware Security Check SecurityCheck.exe 
 Online Games Manager ogmservice.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Alice85 (administrator) on Alice85-PC on 13-05-2015 17:06:21
Running from F:\meine Programme usw\Anti-Malware\FRST
Loaded Profiles: Alice85 (Available profiles: Alice85)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) F:\meine Programme usw\Video_Downloader\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Malwarebytes Corporation) F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbam.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Visagesoft) F:\meine Programme usw\PDF Experte Professional 8\vspdfprsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-18] (Realtek Semiconductor)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2320752 2009-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [vspdfprsrv.exe] => F:\meine Programme usw\PDF Experte Professional 8\vspdfprsrv.exe [6078464 2012-04-23] (Visagesoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Alice85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-03-21]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-804858186-3083531089-3029207996-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?rd=1&ucc=AT&dcc=AT&opt=0&ocid=iehp
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-804858186-3083531089-3029207996-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orf.at/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-804858186-3083531089-3029207996-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-10] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-10] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-16] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-16] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.orf.at/
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-16] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-01-14] (Nitro PDF)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-804858186-3083531089-3029207996-1000: sony.com/MediaGoDetector -> F:\meine Programme usw\Handy Programm\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-804858186-3083531089-3029207996-1000\FireFox\user.js [2014-08-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPAdbESD.dll [2006-10-03] (Adobe Systems Incorporated)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-21]
FF Extension: Adblock Plus - C:\Users\Alice85\AppData\Roaming\Mozilla\Firefox\Profiles\g6092t0x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-23]

Chrome:
=======
CHR Profile: C:\Users\Alice85\AppData\Local\Google\Chrome\User Data\default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 FreemakeVideoCapture; F:\meine Programme usw\Video_Downloader\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-02-10] (Ellora Assets Corp.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; F:\meine Programme usw\Anti-Malware\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-01-14] (Nitro PDF Software)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-09-30] (GEAR Software Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-30] (GFI Software)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-10] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 ssceserd; C:\Windows\System32\DRIVERS\ssceserd.sys [129024 2010-12-21] (MCCI Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 REMOVE; \??\C:\Windows\SysWOW64\drivers\REMOVE.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-13 12:00 - 2015-05-13 12:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-12 22:56 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:56 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 20:32 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:32 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 20:32 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 20:32 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 20:32 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 20:32 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 20:32 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 20:32 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 20:32 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 20:32 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 20:32 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 20:32 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 20:32 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 20:32 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 20:32 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 20:32 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 20:32 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 20:32 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 20:32 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 20:32 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 20:32 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 20:32 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:32 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 20:32 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 20:32 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 20:32 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:32 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 20:32 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 20:32 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 20:32 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 20:32 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 20:32 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 20:32 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 20:32 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 20:32 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 20:32 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 20:32 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 20:32 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 20:32 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 20:32 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 20:32 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 20:32 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 20:32 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 20:32 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 20:32 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 20:32 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 20:32 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 20:32 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 20:32 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 20:32 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 20:32 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 20:32 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 20:32 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 20:32 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 20:32 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 20:32 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 20:32 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 20:32 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 20:32 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 20:32 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 20:32 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 20:32 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 20:32 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:32 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 20:32 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:31 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 20:31 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:31 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:31 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 20:31 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 20:31 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:31 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 20:31 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:31 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:31 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 20:31 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 20:31 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 20:31 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 20:31 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 20:31 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 20:31 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 20:31 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 20:31 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 20:31 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 20:31 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 20:31 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 20:31 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 20:31 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 20:31 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 20:31 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 20:31 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 20:30 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:30 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:30 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 20:30 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:30 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:30 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:30 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:30 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 20:30 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 20:29 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 20:29 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 20:29 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 20:29 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 20:29 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 20:29 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 20:29 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 20:29 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:29 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-11 13:17 - 2015-05-11 13:17 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Floodlight Games
2015-05-11 13:17 - 2015-05-11 13:17 - 00000000 ____D () C:\ProgramData\Floodlight Games
2015-05-10 20:42 - 2015-05-10 20:42 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Specialbit
2015-05-10 15:06 - 2015-05-10 15:06 - 00000000 ___SD () C:\ComboFix
2015-05-10 14:54 - 2015-05-10 14:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-Alice85-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-10 14:54 - 2015-05-10 14:54 - 00000000 ____D () C:\RegBackup
2015-05-10 14:42 - 2015-05-10 14:44 - 00000000 ____D () C:\AdwCleaner
2015-05-09 18:13 - 2015-05-09 18:13 - 00028378 _____ () C:\ComboFix.txt
2015-05-09 18:01 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-09 18:01 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-09 18:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-09 18:01 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-09 18:00 - 2015-05-10 15:06 - 00000000 ____D () C:\Qoobox
2015-05-09 16:27 - 2015-05-09 16:27 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Goblinz
2015-04-29 11:39 - 2015-04-29 11:39 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-29 11:39 - 2015-04-29 11:39 - 00000966 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-25 18:56 - 2015-04-25 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 20:23 - 2015-04-15 20:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:53 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:53 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:53 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:53 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:53 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 08:53 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 08:53 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 08:53 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 08:53 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 08:53 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 08:53 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 08:53 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 08:53 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 08:53 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 08:53 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 08:53 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:53 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 08:53 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 08:52 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 08:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 19:06 - 2015-04-16 21:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\13141507.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-13 17:06 - 2014-11-12 11:46 - 00000000 ____D () C:\FRST
2015-05-13 16:55 - 2010-10-07 09:03 - 01474933 _____ () C:\Windows\WindowsUpdate.log
2015-05-13 16:46 - 2014-05-31 09:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-13 11:46 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-13 11:46 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-13 11:44 - 2009-07-14 19:58 - 00702374 _____ () C:\Windows\system32\perfh007.dat
2015-05-13 11:44 - 2009-07-14 19:58 - 00150454 _____ () C:\Windows\system32\perfc007.dat
2015-05-13 11:44 - 2009-07-14 07:13 - 01628736 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 11:40 - 2014-11-16 12:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 11:37 - 2013-10-15 04:59 - 00057201 _____ () C:\Windows\setupact.log
2015-05-13 11:37 - 2009-07-14 06:45 - 00516936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 11:36 - 2014-09-20 20:17 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-05-13 11:35 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 11:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 23:16 - 2010-12-11 23:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 23:13 - 2013-08-15 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 23:04 - 2010-12-19 10:50 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:56 - 2012-05-11 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:55 - 2012-05-11 19:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 22:55 - 2012-05-11 19:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 06:59 - 2010-12-12 01:04 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Skype
2015-05-10 13:51 - 2010-12-12 11:29 - 00463488 _____ () C:\Windows\PFRO.log
2015-05-09 18:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-08 19:09 - 2014-11-16 12:27 - 00001025 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 19:09 - 2014-11-16 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-07 17:27 - 2012-10-15 20:54 - 00000000 ___RD () C:\Users\Alice85\Dropbox
2015-05-07 17:26 - 2012-10-15 20:48 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Dropbox
2015-04-29 17:16 - 2010-10-11 08:58 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-29 11:53 - 2010-12-10 21:59 - 00158744 _____ () C:\Users\Alice85\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 11:40 - 2011-08-27 22:00 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-26 12:20 - 2013-06-14 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-23 17:07 - 2012-10-15 20:54 - 00001021 _____ () C:\Users\Alice85\Desktop\Dropbox.lnk
2015-04-23 17:07 - 2012-10-15 20:51 - 00000000 ____D () C:\Users\Alice85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 16:44 - 2014-06-19 14:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-23 16:44 - 2014-06-19 14:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-23 16:44 - 2014-06-19 14:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-18 11:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2015-04-15 20:23 - 2014-05-06 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:13 - 2012-12-23 19:47 - 01602080 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 09:37 - 2014-11-16 12:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-16 12:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-16 12:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-09-21 15:53 - 2014-09-21 15:53 - 0001239 _____ () C:\Users\Alice85\AppData\Roaming\settings.xml
2010-12-12 01:16 - 2010-12-12 01:16 - 0033134 _____ () C:\Users\Alice85\AppData\Roaming\UserTile.png
2011-09-20 17:48 - 2011-09-20 17:48 - 0000576 _____ () C:\Users\Alice85\AppData\Local\45D86D82.il
2012-05-27 18:24 - 2013-09-22 07:34 - 0006144 _____ () C:\Users\Alice85\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-20 17:48 - 2011-09-20 17:48 - 0000280 _____ () C:\Users\Alice85\AppData\Local\IndexIE_45D86D82.il
2014-06-07 21:22 - 2014-06-07 21:22 - 0000884 _____ () C:\Users\Alice85\AppData\Local\recently-used.xbel
2014-03-08 10:47 - 2014-03-08 10:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-12 01:05 - 2010-12-12 01:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-12-10 22:24 - 2014-03-08 10:19 - 0014202 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Alice85\AppData\Local\Temp\Quarantine.exe
C:\Users\Alice85\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-06-15 13:38

==================== End Of Log ============================
--- --- ---


:heulen::heulen: ich kann die Defragmentierung noch immer nicht starten. Er zeigt mir nach wie vor die selben Fehlermeldungen :'( :'(

schrauber 14.05.2015 09:29
ESET Onlinescan gemacht?

Alice85 14.05.2015 15:33
Ja er hat mir einige Bedrohungen angezeigt - SHIT - ich habe deine Anweisung nicht ganz genau befolgt. Bin ich ein ....
OK alles klar.
Soll ich diesen Scan nochmal machen?

Der Malewarebytes Anti-Malware hat mir heute 12 Bedrohungen angezeigt.
Ich mache als Anweder irgendwelche Fehler. Ich bin drauf gekommen, dass paar Spiele die ich mir vom Internet runtergeladen habe (Kostenpflichtig zB dieses https://www.purplehills.de/youda-survivor.html) Viren enthalten haben. Ich habe denen eine entsprechende Mail geschrieben und die Spiele deinstalliert.
Heute als ich ein Spiel gespielt habe (welches ich aber als CD besitze) habe ich Fehler entdeckt wie: als ich zB das Spiel minimiert habe und zB auf Facebook ging waren auf der Seite so pixelige Spuren. Zwar wenige aber doch ausreichende um sie zu bemerken. Das war der Grund warum ich dann eben mal Malewarebytes gestartet habe.

Bitte entschuldige dass du dir bereits solche Mühe gegeben hast. Ich bin erst im Zuge dessen drauf gekommen. Denn nach dem SecurityCheck konnte ich dieses eine Spiel nicht mehr starten und als ich versucht habe es erneut runter zu laden bekam ich die Fehlermeldung dass sich ein Trojaner reinschleichen will. Das war auch der Grund warum ich die Spiele sofort deinstalliert habe.

So funktioniert mein PC eh tadellos nur diese blöde Defragmentierung funktioniert noch immer nicht. Wahrscheinlich deshalb nicht weil ich den Eset-OnlineScan nicht so gemacht habe wie es hieß.

Daher - das was ich jetzt noch gemacht habe ist eben der Malewarebytes und Kaspersky (nacheinander) gestartet.

Mehr mache ich jetzt nicht - warte auf deine Anweisungen und bitte entschuldige, dass ich die eine Anweisung nicht ordentlich befolgt habe!

Liebe Grüße
Alice85

schrauber 14.05.2015 20:59
Mit ESET will ich nur auf Malware-Reste testen, das Defragmentieren ist ein Folgefehler in Windows.

Mach bitte ESET, und das hier:

Windows Repair Tool laufen lassen:
Windows reparieren - so geht's - Anleitungen

Alice85 16.05.2015 13:19
Liste der Anhänge anzeigen (Anzahl: 1)
Log von ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0e018f8099672944a08ef2656df34115
# engine=23867
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-15 08:42:12
# local_time=2015-05-15 10:42:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12665 183352382 0 0
# scanned=399681
# found=70
# cleaned=0
# scan_time=10886
sh=AD013DC22D67048F07EF20409D4244614F98AD5C ft=1 fh=06e5f03d5fcfade3 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\ToneGen\tnsetup_v3.02.exe"
sh=0102344B60E304C53FE18E43ACDA018E4793D6F2 ft=1 fh=25ec4fbf36c29781 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\ToneGen\tonegen.exe"
sh=D15AC1231AB6E375D4E5719D60B819A0BC970BEB ft=1 fh=dfd20b7536c29781 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\ToneGen\uninst.exe"
sh=F86E29A7580693D4223F63EB20B8FCF3F612265D ft=1 fh=ab7164159af7c3fc vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\WavePad\uninst.exe"
sh=7433088624296A9B12AD9F80DA709858F1FF2643 ft=1 fh=514f20df9af7c3fc vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe"
sh=193B29026400A796F3114FAB1013A83F872CC1BC ft=1 fh=243538447c32808b vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\WavePad\wpsetup_v5.15.exe"
sh=D673E6C528EFFA009E83D6F05BA5BDB98D2D1E73 ft=1 fh=a3f46797e2b7a643 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Swift Sound\MixPad\mixpad.exe"
sh=61514585C6ED89FD11419C4B3EB389E879A174FD ft=1 fh=41bff0f8d4353f6f vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Swift Sound\MixPad\mpsetup_v2.21.exe"
sh=EF5F5804AE347A6D2C88F6812F4DCB3AFD309993 ft=1 fh=59ca235de2b7a643 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Swift Sound\MixPad\uninst.exe"
sh=76CB121F531DE760C131B09D6AACDE63815CB13C ft=1 fh=764fe04f814e4902 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe"
sh=136EEC90E174B49145E6C39D30450055BA417803 ft=1 fh=978ee7be8d873d85 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup452_v4.52.exe"
sh=C9458B94EC2B0FED795465612049AE1CC59EA274 ft=1 fh=59bca1873b4e9a83 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup_4.52_v4.47.exe"
sh=12C83C4A2E632D5BEA4C7EFCCBD122D0CFCB915E ft=1 fh=ce3e0c67f4d17fdf vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup_v4.47.exe"
sh=FBEC55544AD175212DBFDCF9D792E18E71D9F46D ft=1 fh=01bbfdc3f0878bb7 vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alice85\Desktop\Pazera_Free_FLV_to_AVI_Converter_17.exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alice85\Desktop\andere Verknüpfungen\PDFCreator-1_6_2_setup.exe"
sh=B83FF546AF5E7C082EF6F0D5E3E41E413E1FD544 ft=1 fh=80eb72a441246218 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alice85\Desktop\andere Verknüpfungen\vlc-1.1.7DE.exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.R evtl. unerwünschte Anwendung" ac=I fn="F:\Alice85\Philips_GoGear_Ariaz_Treiber_Update_10-2014.exe"
sh=474BBF68C7AAC25A6ADBFD471993F52584CAEA89 ft=1 fh=7302f6233443ba92 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\Alice85\Programme\FreeYouTubeToMP3Converter.exe"
sh=9C084C7AF908492C4EDE6D85B5449CFFF5E36101 ft=1 fh=99b8a4bcbca1e78e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="F:\meine Programme usw\Anti-Malware\rKill-lnstall.exe"
sh=71F9CFC8E6276B16E2863AA899D21B241E67D2FF ft=1 fh=dfd99d425bc9c01e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\meine Programme usw\Sonstige Programme\DirectX 8.0\DirectX - CHIP-Installer.exe"
sh=193B29026400A796F3114FAB1013A83F872CC1BC ft=1 fh=243538447c32808b vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="F:\meine Programme usw\WavePad\wpsetup.exe"
sh=EE072FA3FD3DFFA5C766D8D8F7ADAF25588914AA ft=1 fh=90acba26c47f2848 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="F:\meine Programme usw\PDF Creator\computerbild_downloader_fuer_pdfcreator.exe"
sh=2898AC44F5B280E0A16E3ECEAED861EA6C1B122F ft=1 fh=90c5cb6befc06df7 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\meine Programme usw\Free Studio\FreeYouTubetoMP3Converter1.exe"
sh=F4B79A4C1E0E962B830381CC1D2D631B425B7E15 ft=1 fh=af2ab16eba536ef9 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\meine Programme usw\Free Studio\FreeStudio.exe"
sh=3223C6F5E87545910F4BFF3E69A7406BA27E92EC ft=1 fh=ad3ea198fc5a8952 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\meine Programme usw\Free Studio\Free YouTube to DVD Converter\de-DE\Free YouTube to DVD Converter - CHIP-Installer.exe"
sh=02C24FE6047EE18DA059CC639326916748E6E5BD ft=1 fh=7d51380ff02e8280 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\Lieder\FreeStudio.exe"
sh=02C24FE6047EE18DA059CC639326916748E6E5BD ft=1 fh=7d51380ff02e8280 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-804858186-3083531089-3029207996-1000\$R1IT1TD\FreeStudio.exe"
sh=02C24FE6047EE18DA059CC639326916748E6E5BD ft=1 fh=7d51380ff02e8280 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-804858186-3083531089-3029207996-1000\$R6LS3P0\FreeStudio.exe"
sh=6A3909E3B7FD5083C48E074F7D1C1BD4972D4F43 ft=1 fh=1580285302b6aee0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Alice85-Sicherung-v-USB\Alte Sicherung\Sicherung 12.02.11\FreeStudio.exe"
sh=A78DF9C598739490BF37D3C683155E1DE5F13067 ft=1 fh=2daf83e0779085bf vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="G:\Alice85-Sicherung-v-USB\Alte Sicherung\Sicherung 12.02.11\SoftonicDownloader_fuer_tweaker-for-outlook-express.exe"
sh=6CB28E0AD9A413FA7270DAF7AFEF19E67A541AD4 ft=1 fh=c97717347ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="G:\Alice85-Sicherung-v-USB\Alte Sicherung\Sicherung 12.02.11\SoftonicDownloader_fuer_virtual-dj.exe"
sh=BFD171EE48F274CC5F4E965A375C944D1AB20946 ft=1 fh=0e6da9c7c54948cb vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="G:\meine Programme usw\SoftonicDownloader_fuer_songbird.exe"
sh=193B29026400A796F3114FAB1013A83F872CC1BC ft=1 fh=243538447c32808b vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="G:\meine Programme usw\WavePad\wpsetup.exe"
sh=FED3068DED54AABA2A7C34BBE4EA34E66C5A0518 ft=1 fh=c71c0011f3ca19b4 vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files\Web Assistant\DGChrome.exe"
sh=BFDFD8F53C79B1417D1193C02957E5992CFA3216 ft=1 fh=c9551990b9a42473 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files\Web Assistant\Extension32.dll"
sh=DD00B0CC8E30FE490C14BEEE6BB56EB5FF0EDE69 ft=1 fh=8d103e6be68611d1 vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files\Web Assistant\Extension64.dll"
sh=1D7C8B23922EB5D9066DE409AC44C2D4DDE0C3BC ft=1 fh=44cb42722b2e534f vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files\Web Assistant\ExtensionUpdaterService.exe"
sh=D661C32BD4338FDF559E8E2A8AF156ED9E2D2C04 ft=1 fh=c3bfbfa696fe282f vn="Variante von Win32/Toolbar.BitCocktail.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files\Web Assistant\InstallerHelper.dll"
sh=119A41121BADE1F75835C1C8BEA16DCAF08BDA65 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files\Web Assistant\source.crx"
sh=33B851914CCC54FAE9B1A17B71BE5554584126E4 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files\Web Assistant\Firefox\chrome\content\main.js"
sh=4F90900FE718B4480C2E6C089E53404662893B9C ft=1 fh=b90ec9ef7e64efb2 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Ad-Aware Antivirus\AdAwareSafeBrowsing.exe"
sh=0AC984C092753511E6BE6DEFDE8A00D9383FBC64 ft=1 fh=c71c0011b7f0322f vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll"
sh=79936EC6AE99F9620F27BE4FD814F0728F206AFA ft=1 fh=c71c00115f1871a9 vn="Win32/Toolbar.Montiera.R evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll"
sh=0B733E68082A8A6D442076F04560D87C274F4343 ft=1 fh=c71c001183cce06d vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe"
sh=D99A3225C9887C347B30002398245FB679C88B05 ft=1 fh=c71c00119cd1e83d vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll"
sh=6D3CF20E7CCB1A1A13A703BFC6A275974D914781 ft=1 fh=c71c00115907386a vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll"
sh=AD013DC22D67048F07EF20409D4244614F98AD5C ft=1 fh=06e5f03d5fcfade3 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Software\ToneGen\tnsetup_v3.02.exe"
sh=0102344B60E304C53FE18E43ACDA018E4793D6F2 ft=1 fh=25ec4fbf36c29781 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Software\ToneGen\tonegen.exe"
sh=D15AC1231AB6E375D4E5719D60B819A0BC970BEB ft=1 fh=dfd20b7536c29781 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Software\ToneGen\uninst.exe"
sh=F86E29A7580693D4223F63EB20B8FCF3F612265D ft=1 fh=ab7164159af7c3fc vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Software\WavePad\uninst.exe"
sh=7433088624296A9B12AD9F80DA709858F1FF2643 ft=1 fh=514f20df9af7c3fc vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Software\WavePad\wavepad.exe"
sh=193B29026400A796F3114FAB1013A83F872CC1BC ft=1 fh=243538447c32808b vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Software\WavePad\wpsetup_v5.15.exe"
sh=D673E6C528EFFA009E83D6F05BA5BDB98D2D1E73 ft=1 fh=a3f46797e2b7a643 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Swift Sound\MixPad\mixpad.exe"
sh=61514585C6ED89FD11419C4B3EB389E879A174FD ft=1 fh=41bff0f8d4353f6f vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Swift Sound\MixPad\mpsetup_v2.21.exe"
sh=EF5F5804AE347A6D2C88F6812F4DCB3AFD309993 ft=1 fh=59ca235de2b7a643 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Swift Sound\MixPad\uninst.exe"
sh=76CB121F531DE760C131B09D6AACDE63815CB13C ft=1 fh=764fe04f814e4902 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe"
sh=136EEC90E174B49145E6C39D30450055BA417803 ft=1 fh=978ee7be8d873d85 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup452_v4.52.exe"
sh=C9458B94EC2B0FED795465612049AE1CC59EA274 ft=1 fh=59bca1873b4e9a83 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup_4.52_v4.47.exe"
sh=12C83C4A2E632D5BEA4C7EFCCBD122D0CFCB915E ft=1 fh=ce3e0c67f4d17fdf vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\NCH Swift Sound\WavePad\wpsetup_v4.47.exe"
sh=3917147823A758100906ED7D8A3EDB4D11E1F8E9 ft=1 fh=d91bac54e55f9c19 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Softonic\Softonic\1.8.19.3\escortShld.dll"
sh=8F74EFE480046FE6E203BE9A311B958F66F22F08 ft=1 fh=e5ed2092366c160f vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Softonic\Softonic\1.8.19.3\SoftonicApp.dll"
sh=F4993FA40CF8BEA4D8891DE0D8D72FA257279F97 ft=1 fh=e26e53f8b46b0a54 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Softonic\Softonic\1.8.19.3\SoftonicEng.dll"
sh=ADD45A79D905D2D89CE12C54763096F0E6491BC9 ft=1 fh=9d39e6669352d342 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Softonic\Softonic\1.8.19.3\Softonicsrv.exe"
sh=DF1389D116C8B91DF36BD9121C2E9EC455C9A459 ft=1 fh=60d511d36736ef50 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll"
sh=E1A63F66A02312BF6470BF4EF902D471CDC35841 ft=1 fh=8248559014ea4021 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Softonic\Softonic\1.8.19.3\uninstall.exe"
sh=54480E6AF73EC89F3FBC7A95D685688D5C7EDD7A ft=1 fh=78d9d64ce1151729 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme_C-Platte\Program Files (x86)\Softonic\Softonic\1.8.19.3\bh\Softonic.dll"
sh=474BBF68C7AAC25A6ADBFD471993F52584CAEA89 ft=1 fh=7302f6233443ba92 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Sicherung - Alice85-Eigene Dateien\Alice85\Programme\FreeYouTubeToMP3Converter.exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.R evtl. unerwünschte Anwendung" ac=I fn="G:\Sicherung - Alice85-Eigene Dateien\Sicherung von 28.03.2015\Alice85\Philips_GoGear_Ariaz_Treiber_Update_10-2014.exe"
sh=474BBF68C7AAC25A6ADBFD471993F52584CAEA89 ft=1 fh=7302f6233443ba92 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Sicherung - Alice85-Eigene Dateien\Sicherung von 28.03.2015\Alice85\Programme\FreeYouTubeToMP3Converter.exe"
sh=474BBF68C7AAC25A6ADBFD471993F52584CAEA89 ft=1 fh=7302f6233443ba92 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Sicherung - Alice85-Eigene Dateien\Sicherung von 28.12.2014\Programme\FreeYouTubeToMP3Converter.exe"
Was soll ich jetzt machen? ESET sagt mir, dass er einige Bedrohungen gefunden hat

Mein Defragmentierungsproblem ist jetzt gelöst! Ich kann endlich in das Programm rein.:applaus::applaus: 1000 DANK dafür!!! :dankeschoen: :dankeschoen: :dankeschoen:

Eins würde mich noch interessieren - vielleicht hat das eh was damit zu tun dass ESET mir einige Bedrohungen angezeigt hat... - so hat gestern am Abend bei mir die Seite ausgeschaut - (siehe Anhang Pixelige Seite) und das hatte ich noch nie!


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:30 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27