Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.05.2015, 20:23   #31
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Auf dem Desktop meines ersten oder zweiten accounts?

Alt 03.05.2015, 20:25   #32
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Den mit Admin-Rechten.
__________________

__________________

Alt 03.05.2015, 20:35   #33
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Danke, scan läuft.

Und hier die Ergebnisse:
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 21:29 on 03/05/2015 by Torsten
Administrator - Elevation successful

========== filefind ==========

Searching for "*searching*"
C:\MP3\Yes\Union\11 - Dangerous (Look In The Light Of What You're Searching For).mp3	--a---- 4370405 bytes	[23:31 11/05/2012]	[21:00 21/10/2008] C813923909D2F424DA597B6C25215371
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AN5VIW7\150x150_q75_t_www-searching-installer[1].jpg	--a---- 7123 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 42557690ED657104274D29AEEA459CA3
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AN5VIW7\www-searching-explorer-extensions[1].jpg	--a---- 74123 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] E79BD5B2510EF63CBAD493EDB2595D6E
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CMQBNNAB\www-searching-chrome-extensions[1].jpg	--a---- 43101 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 24734B60C6CB3E0F565220AB109CFBFD
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CMQBNNAB\www-searching-chrome-homepage[1].jpg	--a---- 13870 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] DB9369475E1736380062664E2FF1360B
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CMQBNNAB\www-searching-com-redirect[1].png	--a---- 673 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 37AB4BF2C820C889402FFD815DE12FB2
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CMQBNNAB\www-searching-firefox-extensions[1].jpg	--a---- 55698 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 6A506C0AB1FF2ADA1BAA3763D1E57136
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CMQBNNAB\www-searching-firefox-homepage[1].jpg	--a---- 52145 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 9D1F3103E5669B50F03118F30DEA62F7
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYFFDWU8\150x150_q75_t_www-searching-com-installer2[1].jpg	--a---- 6395 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] A2CEC7E1E1854372B3B65CC50FE16248
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYFFDWU8\www-searching-firefox-default-search[1].jpg	--a---- 33428 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 89AFE4D572F48BABADECEF0CFC79786A
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYFFDWU8\www-searching-uninstall[1].jpg	--a---- 69830 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] BA290B8C3AA32DFEE3136324AF43ABB3
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV5E90J3\www-searching-chrome-default-search[1].jpg	--a---- 42972 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 7DF8D22F59FCF67F2E63B80D45040666
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV5E90J3\www-searching-explorer-default-search[1].jpg	--a---- 68168 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 97EA065936EE6932A4FE853E38A6A40E
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV5E90J3\www-searching-explorer-homepage[1].jpg	--a---- 91796 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 3CDDF1B76F6048BCB4F9D39299A91E40
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XV5E90J3\www-searching-hijacker[1].jpg	--a---- 47134 bytes	[17:34 03/05/2015]	[17:34 03/05/2015] 19DB34EBDB7970D6A2964C1D0C36CFE0

========== regfind ==========

Searching for "searching"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching]

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\System Properties]
"productname"="HP 630 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\SystemProperties]
"productname"="HP 630 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\System Properties]
"productname"="HP 630 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\SystemProperties]
"productname"="HP 630 Notebook PC              "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"PCModel"="HP 630 Notebook PC              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#10102266002513&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#T1205020002101&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HP&PROD_V210W&REV_1100#AA04012700007642&0#]
"DeviceDesc"="v210w           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.01#2204831B77C0C43C&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#10102266002513&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#T1205020002101&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HP&PROD_V210W&REV_1100#AA04012700007642&0#]
"DeviceDesc"="v210w           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.01#2204831B77C0C43C&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_#10102266002513&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_1100#T1205020002101&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_HP&PROD_V210W&REV_1100#AA04012700007642&0#]
"DeviceDesc"="v210w           "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.01#2204831B77C0C43C&0#]
"DeviceDesc"="Cruzer          "

-= EOF =-
         
__________________

Alt 03.05.2015, 20:41   #34
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



es geht in dem anderen Profil um den Firefox richtig?

Bitte mal zurücksetzen. Wenn das nicht hilft, dem anderen Konto Admin-Rechte geben und FRST-Scan wiederholen.

Melde mich dann morgen wieder.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 03.05.2015, 20:46   #35
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Firefox und IE


Alt 03.05.2015, 20:48   #36
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Ja dann wie oben beschrieben Browser zurücksetzen, sonst FRST als Admin.
__________________
--> mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?

Alt 03.05.2015, 20:57   #37
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Browser zurücksetzen hatte keinen Erfolg. Ich habe dem zweiten Account jetzt Adminrechte übertragen. Hier der FRST LOG

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Teaching (administrator) on TORSTEN-HP on 03-05-2015 21:54:46
Running from C:\Users\Teaching\Desktop
Loaded Profiles: Teaching (Available profiles: Torsten & Teaching)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Ocs_SM] => C:\Users\Torsten\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Teaching\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\zrqgxxmx.default-1430674021451
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-25] (Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-25]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3863440553-3622452381-3390168598-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-09] (SurfRight B.V.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-04-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 21:29 - 2015-05-03 21:31 - 00017402 _____ () C:\Users\Torsten\Desktop\SystemLook.txt
2015-05-03 21:28 - 2015-05-03 21:28 - 00165376 _____ () C:\Users\Torsten\Desktop\SystemLook_x64.exe
2015-05-03 20:08 - 2015-05-03 20:08 - 00045096 _____ () C:\Users\Teaching\Desktop\Addition.txt
2015-05-03 20:07 - 2015-05-03 21:54 - 00017114 _____ () C:\Users\Teaching\Desktop\FRST.txt
2015-05-03 20:07 - 2015-05-03 21:54 - 00000000 ____D () C:\FRST
2015-05-03 20:07 - 2015-05-03 20:07 - 02101248 _____ (Farbar) C:\Users\Teaching\Desktop\FRST64.exe
2015-05-03 19:27 - 2015-05-03 19:27 - 00000000 ____D () C:\Users\Teaching\Desktop\Alte Firefox-Daten
2015-05-03 17:27 - 2015-05-03 17:27 - 00000000 ____D () C:\Users\Teaching\AppData\Local\VirtualStore
2015-05-03 17:25 - 2015-05-03 17:31 - 00000612 _____ () C:\DelFix.txt
2015-05-03 17:14 - 2015-05-03 17:14 - 00000000 ____D () C:\Users\Teaching\AppData\Roaming\hpqlog
2015-05-03 17:12 - 2015-05-03 17:12 - 00000000 ____D () C:\Users\Teaching\AppData\Local\PDFC
2015-05-02 21:03 - 2015-05-02 21:03 - 00000000 ____D () C:\Users\Torsten\AppData\Local\PDFC
2015-05-02 20:47 - 2015-05-02 19:19 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-02 17:12 - 2015-05-02 17:12 - 02785665 _____ (PortableApps.com) C:\Users\Torsten\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-05-02 16:06 - 2015-05-03 21:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 16:06 - 2015-05-02 16:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-02 16:06 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 16:06 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-01 13:05 - 2015-05-01 13:05 - 00002256 _____ () C:\Users\Torsten\Desktop\Hotmail.lnk
2015-05-01 13:05 - 2015-05-01 13:05 - 00002252 _____ () C:\Users\Torsten\Desktop\Amazon.lnk
2015-05-01 04:42 - 2015-05-01 04:42 - 00000000 ____D () C:\ProgramData\c3b54530000537e
2015-05-01 04:28 - 2015-05-01 04:28 - 00000815 _____ () C:\Windows\SysWOW64\SetupComponents.exe
2015-05-01 04:13 - 2015-05-01 04:13 - 00003166 _____ () C:\Windows\System32\Tasks\{197C4A28-5810-4C42-944B-909B35B74110}
2015-04-30 18:43 - 2015-04-30 18:43 - 14400913 _____ () C:\Users\Torsten\Downloads\video-1430406369.mp4.mp4
2015-04-25 15:53 - 2015-04-25 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 23:10 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 23:10 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 23:10 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 23:10 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 23:10 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 23:10 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 23:10 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 23:10 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 23:10 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 23:10 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 23:10 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 23:10 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 23:10 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 23:10 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 23:10 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 23:10 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 23:10 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 23:10 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 23:10 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 23:10 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 23:10 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 23:10 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 23:10 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 23:09 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 23:09 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 23:09 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 23:09 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 23:09 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 23:09 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 23:09 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 23:09 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 23:09 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 23:09 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 23:09 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 23:09 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 23:09 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 23:09 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 23:09 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 23:09 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 23:09 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 23:09 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 23:09 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 23:09 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 23:09 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 23:09 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 23:09 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 23:09 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 23:09 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 23:09 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 23:09 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 23:09 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 23:09 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 23:09 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 23:09 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 23:09 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 23:09 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 23:09 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 23:09 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 23:09 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 23:09 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 23:09 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 23:09 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 23:09 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 23:09 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 23:09 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 23:09 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 23:09 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 23:09 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 23:09 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 23:09 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 23:09 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 23:09 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 23:09 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 23:08 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 23:08 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 23:08 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 11:59 - 2015-04-07 11:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 23:17 - 2015-04-08 00:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 21:53 - 2011-11-09 15:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-03 21:53 - 2011-05-09 12:38 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-03 21:52 - 2012-10-14 09:48 - 00287888 _____ () C:\Windows\PFRO.log
2015-05-03 21:52 - 2012-09-17 15:51 - 00056270 _____ () C:\Windows\setupact.log
2015-05-03 21:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 21:51 - 2012-05-12 00:53 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\SoftGrid Client
2015-05-03 21:51 - 2011-11-09 14:37 - 01893445 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 21:47 - 2012-05-07 17:14 - 00000000 ____D () C:\Users\Torsten\Documents\Bluetooth Folder
2015-05-03 20:05 - 2014-11-04 16:08 - 00000000 ____D () C:\Users\Teaching\AppData\Local\CrashDumps
2015-05-03 20:05 - 2014-08-24 22:14 - 00000000 ____D () C:\Users\Teaching\Documents\Bluetooth Folder
2015-05-03 19:25 - 2014-08-24 22:14 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FFD84C7-6732-4C5B-A72B-D723AB6E6469}
2015-05-03 19:15 - 2014-09-20 18:44 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000UA.job
2015-05-03 17:43 - 2014-12-13 11:40 - 00000000 ____D () C:\Program Files\paint.net
2015-05-03 17:26 - 2014-05-13 14:02 - 00000000 ____D () C:\Windows\ERUNT
2015-05-03 17:13 - 2014-08-24 22:17 - 00000000 ___RD () C:\Teaching
2015-05-03 15:27 - 2012-05-07 17:13 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{307F94D9-B34C-4617-AD2B-73B8502BE40E}
2015-05-03 13:12 - 2014-12-10 17:29 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForTorsten.job
2015-05-03 13:11 - 2014-12-10 17:29 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTorsten
2015-05-03 12:07 - 2011-05-09 22:12 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 12:07 - 2011-05-09 22:12 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 12:07 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 12:07 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:07 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 12:00 - 2012-05-07 17:31 - 00000000 ___RD () C:\Users\Torsten\Dropbox
2015-05-03 12:00 - 2012-05-07 17:24 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Dropbox
2015-05-03 11:57 - 2014-09-20 18:44 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3863440553-3622452381-3390168598-1000Core.job
2015-05-02 20:59 - 2014-05-13 12:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-02 20:16 - 2012-06-18 15:15 - 00000000 ____D () C:\Users\Torsten\AppData\Local\CrashDumps
2015-05-02 17:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2015-05-02 15:56 - 2013-10-13 19:46 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-02 15:56 - 2012-05-07 17:13 - 00001186 _____ () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-02 15:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-02 15:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-02 15:55 - 2012-05-07 16:14 - 00000000 ____D () C:\Users\Torsten
2015-05-02 15:23 - 2014-08-24 22:14 - 00001595 _____ () C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-01 12:50 - 2012-09-20 11:21 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\vlc
2015-05-01 12:41 - 2012-05-09 14:41 - 00000000 ____D () C:\Users\Torsten\Desktop\Mathe
2015-05-01 12:40 - 2012-05-12 01:05 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Winamp
2015-04-29 13:11 - 2012-05-09 17:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-29 09:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-29 09:06 - 2012-05-07 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-27 22:43 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Torsten\MediathekView
2015-04-27 22:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-24 00:28 - 2012-05-07 17:29 - 00000000 ____D () C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-20 11:45 - 2012-05-07 17:12 - 00058016 _____ () C:\Users\Torsten\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 23:34 - 2015-02-01 14:10 - 00000000 ____D () C:\Users\Torsten\.mediathek3
2015-04-15 08:58 - 2012-05-07 18:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:58 - 2012-05-07 18:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 08:01 - 2014-12-11 10:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 08:01 - 2014-05-07 11:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 08:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:07 - 2012-05-12 00:52 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 07:04 - 2013-07-18 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 06:57 - 2012-05-13 23:46 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 04:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-06-10 23:54 - 2014-06-10 23:54 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu19qei.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-29 09:37

==================== End Of Log ============================
         
--- --- ---

Gute Nacht
Torsten

Alt 04.05.2015, 11:07   #38
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Hi,

Schritt 1
Download von ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    ATTFilter
    autoclean;
    FFdefaults;
    iedefaults;
    emptyclsid;
    shortcutfix;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 04.05.2015, 11:19   #39
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Unter dem betroffenen Account und mit Admin-Rechten auszuführen?

Dank und Gruß
Torsten

Alt 04.05.2015, 11:47   #40
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Ja...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 04.05.2015, 13:27   #41
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Und hier die Ergebnisse:
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Teaching on 04.05.2015 at 12:58:18,85.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Teaching\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

04.05.2015 12:59:41 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\paint.net deleted successfully
C:\Users\Teaching\AppData\Roaming\hpqlog deleted successfully
C:\Users\Teaching\AppData\Local\PDFC deleted successfully
C:\Users\Teaching\AppData\Local\VirtualStore deleted successfully
C:\Users\Torsten\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\zrqgxxmx.default-1430674021451\prefs.js:

Added to C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\zrqgxxmx.default-1430674021451\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Teaching\AppData\Roaming\Thunderbird\Profiles\yg97ta2y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Teaching\AppData\Roaming\Thunderbird\Profiles\yg97ta2y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Torsten\AppData\Roaming\Thunderbird\Profiles\vzozgrtw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Torsten\AppData\Roaming\Thunderbird\Profiles\vzozgrtw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default\foxydeal.sqlite deleted
"C:\Users\Teaching\AppData\Roaming\vlc\vlcrc" deleted
"C:\Users\Teaching\AppData\Roaming\vlc" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\zrqgxxmx.default-1430674021451
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Teaching\AppData\Roaming\Thunderbird\Profiles\yg97ta2y.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Torsten\AppData\Roaming\Thunderbird\Profiles\vzozgrtw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\erufibpf.default
- Myanmar Converter - %ProfilePath%\extensions\myanmar-converter@thanlwinsoft.org
- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
- ProxTube - %ProfilePath%\extensions\ich@maltegoetz.de.xpi
- DuckDuckGo Plus - %ProfilePath%\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Teaching\AppData\Roaming\Mozilla\Firefox\Profiles\zrqgxxmx.default-1430674021451
9AE02005247DA91AB1743F5208DBEF76	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -	Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aakchaleigkohafkfjfjbblobjifikek - C:\Users\Torsten\AppData\LocalLow\proxtube\CHROME\proxtube.crx[19.04.2012 15:10]
kfecnpmgnlnbmipaogfhoacoioifjgko - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kfecnpmgnlnbmipaogfhoacoioifjgko - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\eBay.lnk - C:\Program Files (x86)\Online Services\eBay\ebay.vbs "hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay_first&pf=cmnb&locale=de_de&bd=all&c=111" "eBay" "hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=de_de&bd=all&c=111" "eBay"
C:\Users\Default User\Desktop\eBay.lnk - C:\Program Files (x86)\Online Services\eBay\ebay.vbs "hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay_first&pf=cmnb&locale=de_de&bd=all&c=111" "eBay" "hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=de_de&bd=all&c=111" "eBay"
C:\Users\Teaching\Desktop\GeoGebra.lnk - C:\Users\Teaching\GeoGebra 5.0\GeoGebra.exe 
C:\Users\Teaching\Desktop\Microsoft Excel Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Excel Starter 2010 9014006604070000"
C:\Users\Teaching\Desktop\Teaching - Verknüpfung.lnk -  
C:\Users\Torsten\Desktop\Amazon.lnk - C:\Users\Teaching\AppData\Local\UnicoBrowser\Application\unicobrowser.exe  --sienium-shortcut hxxp://www.amazon.com --location=1
C:\Users\Torsten\Desktop\Hero - Verknüpfung.lnk -  
C:\Users\Torsten\Desktop\HERO_new - Verknüpfung.lnk -  
C:\Users\Torsten\Desktop\Hotmail.lnk - C:\Users\Teaching\AppData\Local\UnicoBrowser\Application\unicobrowser.exe  --sienium-shortcut https://www.hotmail.com --location=1
C:\Users\Torsten\Desktop\Microsoft Excel Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Excel Starter 2010 9014006604070000"
C:\Users\Torsten\Desktop\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604070000"
C:\Users\Torsten\Desktop\MP3 - Verknüpfung.lnk -  
C:\Users\Torsten\Desktop\Teaching.lnk - C:\Teaching 
C:\Users\Torsten\Desktop\TeXnicCenter.lnk - C:\Program Files (x86)\TeXnicCenter\TEXCNTR.EXE 
C:\Users\Torsten\Desktop\Mathe\Free Video Call Recorder for Skype.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe 
C:\Users\Torsten\Desktop\Mathe\skyui - Verknüpfung.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ElsterFormular.lnk - C:\Program Files (x86)\ElsterFormular\bin\pica.exe 
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
C:\Users\Public\Desktop\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe 
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www-searching.com/?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&pi=2
C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www-searching.com/?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&pi=2
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Torsten\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Deinstallation.lnk - C:\ProgramData\elsterformular\setup\uninstall.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular.lnk - C:\Program Files (x86)\ElsterFormular\bin\pica.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Hilfe.lnk - C:\Program Files (x86)\ElsterFormular\bin\hilfepica.exe -collectionFile "C:\Program Files (x86)\ElsterFormular/hilfe/elfo.bedienung.qhc" -showUrl "qthelp://elfo.bedienung/hilfe/bed_kap01/910000.html"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Infodatei - Support.lnk - C:\Program Files (x86)\ElsterFormular\bin\hotlinetool.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Installationsverwaltung.lnk - C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe --zeigeDlg
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Integritätsprüfer.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Screenreadermodus.lnk - C:\Program Files (x86)\ElsterFormular\bin\pica.exe --sehbehindertenmodus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk - C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crush the Castle 2.lnk - C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk - C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Free Realms.lnk - C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk - C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Shaiya.lnk - C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk - C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www-searching.com/?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&pi=2
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www-searching.com/?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&pi=2
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www-searching.com/?s=F51ztutdk0003,d6b4f3bd-0e45-413b-b846-181d78bcf7d1,&pi=2
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeXnicCenter.lnk - C:\Program Files (x86)\TeXnicCenter\TEXCNTR.EXE 
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe 
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk -  
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6e78b94710060d75\Unico Browser.lnk - C:\Users\Teaching\AppData\Local\UnicoBrowser\Application\unicobrowser.exe --profile-directory=Default
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\MediathekView.lnk - C:\Users\Torsten\.mediathek3\MediathekView_8\MediathekView.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk -  
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Torsten\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe 

==== shortcuts After Repair ======================

C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Teaching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Teaching\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teaching\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Torsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Teaching\AppData\Local\Mozilla\Firefox\Profiles\zrqgxxmx.default-1430674021451\cache2 emptied successfully
C:\Users\Torsten\AppData\Local\Mozilla\Firefox\Profiles\erufibpf.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 86732 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Teaching\AppData\Local\Temp will be emptied at reboot
C:\Users\Torsten\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Teaching\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Torsten\AppData\Local\Temp\CVHLauncher(201505040649211910).log" not found
"C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbvgjfo.dll" not found
"C:\Users\Torsten\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbvgjfo.lck" not found
"C:\Users\Torsten\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 04.05.2015 at 14:23:48,90 ======================
         
Scheint funktioniert zu haben. Die Startseite ist wieder normal.

Viele Dank

Alt 04.05.2015, 13:30   #42
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Das war mein Plan.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 04.05.2015, 18:08   #43
TSOW
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Heißt das jetzt wieder aufräumen mit DelFix oder soll ich SystemLook, FRST, zoek und Malwarebytes Anti-Malware manuell deinstallieren?

Alt 04.05.2015, 18:09   #44
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Standard

mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?



Malwarebytes solltest Du behalten! Und das andere Zeug kannst mit DelFix entfernen.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Antwort

Themen zu mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?
administrator, adobe, bonjour, cherimoya.sys, defender, dll, downloader, explorer, home, homepage, iexplore.exe, mozilla, newtab, officejet, pdf, priceless, realtek, registry, reimage repair, rundll, schließen, security, services.exe, software, svchost.exe, temp, windows, winlogon.exe, wlan, ytdownloader, öffnet



Ähnliche Themen: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?


  1. Würde gerne diesen Mist wieder vom System haben
    Plagegeister aller Art und deren Bekämpfung - 14.05.2016 (20)
  2. Reimage Repair
    Plagegeister aller Art und deren Bekämpfung - 16.09.2015 (14)
  3. Windows 7 / Google Chrome: Browserlinks führen auf reimage repair Webseite
    Log-Analyse und Auswertung - 13.08.2015 (13)
  4. Win 7 Pro 64bit - Probleme beim Entfernen von Reimage Repair.
    Log-Analyse und Auswertung - 03.08.2015 (3)
  5. Reimage Repair/Spy Hunter - deinstallieren!
    Log-Analyse und Auswertung - 13.06.2015 (15)
  6. Reimage Repair - Ja oder lieber nicht?
    Antiviren-, Firewall- und andere Schutzprogramme - 11.04.2015 (10)
  7. Reimage Repair entfernen
    Anleitungen, FAQs & Links - 04.03.2015 (2)
  8. Webssearches.com wieder da - oder hab ich es gar nicht richtig entfernt?
    Log-Analyse und Auswertung - 05.07.2014 (24)
  9. Trojaner qv06 wie werd ich den wieder los ?
    Log-Analyse und Auswertung - 29.08.2013 (16)
  10. Ihren Fahrkartenkauf_TM6ACN - "Bahn Trojaner" geöffnet - Mist! Infiziert? Und wie werd ich ihn wieder los?
    Log-Analyse und Auswertung - 19.05.2013 (7)
  11. InCrediBar - wie werd ich das Ding wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (27)
  12. EXP/CVE-2012-1723.BU Wie werd ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (1)
  13. Wie werd ich den wieder los?
    Mülltonne - 21.12.2008 (2)
  14. Brave-Sentry: Wie werd ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 21.11.2007 (1)
  15. wie werd ich rsvp32_2.dll wieder los?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2007 (2)
  16. Wie werd ich die denn wieder los?
    Log-Analyse und Auswertung - 25.05.2006 (2)
  17. Schon wieder Mist auf der Festplatte :(
    Log-Analyse und Auswertung - 15.05.2005 (12)

Zum Thema mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? - Auf dem Desktop meines ersten oder zweiten accounts? - mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los?...
Archiv
Du betrachtest: mystartsearch, unico, optimize pro, reimage repair, StarGames, webssearches, etc. - wie werd ich den Mist wieder los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.