
Pests of all kinds and how to fight them: Lavasoft Web Companion - can't get rid of it on my own

20.02.2016, 01:33   #1
evapro

Hello, I have picked up Lavasoft Web Companion (and possibly other pests). I have used all sorts of antivirus programs such as adwcleaner, jrt or Malwarebytes and even deleted registry entries - none of it helped. The operating system is Win 10. I am grateful for any help!
evapro

20.02.2016, 10:07   #2
evapro

FRST log files

Hello,
in the meantime I have run an FRST scan and am sending the log files here...

21.02.2016, 00:41   #3
evapro

Hello, strangely I am constantly shown as offline even though I am logged in. Could that be because of the pests?

Please help! I am totally desperate. I can no longer copy my files to external drives. I keep getting error messages that files and/or drives are damaged. I am afraid of losing everything...

Please, please help me! I can no longer copy my files to external drives. I always get error messages that files and/or drives are damaged. I am afraid of losing everything. Here on trojaner-board I constantly appear as offline even though I am online and logged in. I am totally desperate...

23.02.2016, 13:36   #4
cosinus

1. if you reply to yourself, your thread drops out of focus - we primarily work only on threads WITHOUT replies
2. the report function is not to be misused for this kind of thing; use the reminder thread instead => http://www.trojaner-board.de/72623-e...en-thread.html
3. please do not attach logs; if necessary split them and post them spread across several posts

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Please always post log files in CODE tags

24.02.2016, 10:38   #5
evapro

Hello,
I apologize very much. I did not know that...
I have run a new FRST scan, because in the meantime I have run further virus scans and removed pests. Here is the current result:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-02-2016 01
Ran by ES (administrator) on ES-PC (24-02-2016 10:27:57)
Running from C:\Users\ES\Downloads
Loaded Profiles: ES (Available Profiles: ES & UpdatusUser)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14688512 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\WINDOWS\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3531952 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [HP ENVY 4500 series (NET) #2] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{1dc105ae-8e87-4360-af98-5bbd70b5caf2}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{463066ba-d45a-4f4c-8d6d-426a499e0e30}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{4c6fab08-4c81-474e-9dea-1e2ec6279925}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{66490054-2ee0-424b-b4eb-f1c0a080123b}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ES\AppData\Roaming\Mozilla\Firefox\Profiles\yokyqeli.default-1455898717427
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-01-29] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-09-22] [not signed]
FF HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1926896 2016-02-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2015-03-17] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [218784 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-12-05] (Paragon Software Group)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-12-12] (REALiX(tm))
S3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [24848 2011-05-06] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-10-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [26792 2015-12-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2014-07-30] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 10:27 - 2016-02-24 10:28 - 00013947 _____ C:\Users\ES\Downloads\FRST.txt
2016-02-24 10:25 - 2016-02-24 10:27 - 01722368 _____ (Farbar) C:\Users\ES\Downloads\FRST.exe
2016-02-24 10:20 - 2016-02-24 10:20 - 00000000 _____ C:\Users\ES\Downloads\avast_free_antivirus_setup.exe
2016-02-24 10:19 - 2016-02-24 10:20 - 144039550 _____ C:\Users\ES\Downloads\avast_free_antivirus_setup.exe.part
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:06 - 2016-02-23 19:07 - 01511936 _____ C:\Users\ES\Downloads\adwcleaner_5.036.exe
2016-02-23 18:18 - 2016-02-23 19:41 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-23 18:18 - 2016-02-23 18:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2016-02-23 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtremeCopy
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\Program Files\Easersoft
2016-02-23 01:24 - 2016-02-23 01:24 - 00000017 _____ C:\Users\ES\Desktop\Fehler 0x80070570.txt
2016-02-22 23:20 - 2016-02-23 19:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-22 11:48 - 2016-02-22 11:48 - 00000001 _____ C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Program Files\HDDGURU LLF Tool
2016-02-22 11:11 - 2016-02-22 11:11 - 00042764 ____H C:\WINDOWS\TempFDB.fdb
2016-02-22 11:06 - 2016-02-22 11:07 - 00000000 ____D C:\Program Files\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\ConeXware
2016-02-22 00:26 - 2016-02-22 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2014 Free
2016-02-21 23:52 - 2016-02-21 23:54 - 00000000 ____D C:\Users\ES\Desktop\USB
2016-02-20 10:00 - 2016-02-24 10:27 - 00000000 ____D C:\FRST
2016-02-19 23:15 - 2016-02-19 23:15 - 00000000 ____D C:\Users\ES\AppData\Roaming\dlg
2016-02-19 23:13 - 2016-02-23 19:14 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-19 23:13 - 2016-02-20 00:32 - 00000000 ____D C:\Users\ES\AppData\Roaming\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\Users\ES\AppData\Local\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-19 23:12 - 2016-02-20 00:32 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\launcher
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\formatpart
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\explauncher
2016-02-19 18:18 - 2016-02-19 18:18 - 00000000 ____D C:\Program Files\Paragon Software
2016-02-19 18:11 - 2016-02-23 19:06 - 00000000 ____D C:\Users\ES\Viren
2016-02-19 16:22 - 2016-02-24 01:03 - 00000000 ____D C:\ProgramData\f568f502
2016-02-19 16:21 - 2013-12-05 13:34 - 00027464 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2016-02-17 07:20 - 2016-02-17 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-14 01:40 - 2016-02-14 01:40 - 00000228 _____ C:\Users\ES\Desktop\neu mix.txt
2016-02-13 12:48 - 2016-02-13 12:48 - 00002373 _____ C:\Users\ES\Desktop\kü.txt
2016-02-12 19:34 - 2016-02-12 19:34 - 00000000 ____D C:\Users\ES\AppData\Roaming\NVIDIA
2016-02-12 19:32 - 2016-02-24 09:14 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-12 18:57 - 2016-02-12 18:57 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-12 18:56 - 2016-02-12 18:56 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-02-12 18:56 - 2016-02-12 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 18:13 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 05798240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 01560848 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 18:13 - 2016-01-27 07:15 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 18:13 - 2016-01-27 07:12 - 00279376 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 18:13 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 18:13 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 18:13 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 18:13 - 2016-01-27 06:47 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 18:13 - 2016-01-27 06:47 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 18:13 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 18:13 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 18:13 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 18:13 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 18:13 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 18:13 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 18:13 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 18:13 - 2016-01-27 05:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 18:13 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 18:13 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 18:13 - 2016-01-27 05:52 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 18:13 - 2016-01-27 05:51 - 01903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-05 13:24 - 2016-02-05 13:24 - 00051480 _____ C:\Users\ES\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 10:17 - 2016-02-01 10:57 - 00000000 ____D C:\Users\ES\Documents\My Music
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\Public\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\ES\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TuneClone
2016-01-31 23:42 - 2016-01-31 23:42 - 00000000 ____D C:\Users\ES\AppData\Local\Apple Computer
2016-01-31 23:38 - 2016-02-01 13:00 - 00000000 ____D C:\Users\ES\AppData\Roaming\Anvsoft
2016-01-31 23:38 - 2016-01-31 23:38 - 00000000 ____D C:\Users\ES\Documents\Any Audio Converter
2016-01-31 23:05 - 2016-02-01 09:52 - 00000000 ____D C:\Users\ES\AppData\Roaming\Apple Computer
2016-01-31 23:02 - 2016-01-31 23:02 - 00000000 ____D C:\Users\ES\AppData\Local\Apple
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\Users\ES\AppData\LocalLow\Apple Computer
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\ProgramData\Apple
2016-01-31 22:31 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TEMP
2016-01-31 22:30 - 2011-05-06 23:29 - 00024848 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\lmvac.sys
2016-01-31 20:09 - 2016-02-07 22:10 - 00004608 _____ C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-31 18:57 - 2016-01-31 18:59 - 00000000 ____D C:\Users\ES\Documents\PA
2016-01-31 16:50 - 2016-01-31 16:50 - 00000000 ____D C:\Users\ES\AppData\Local\ElevatedDiagnostics
2016-01-31 14:58 - 2016-01-31 14:58 - 00000000 ____D C:\Users\ES\AppData\Roaming\Flo & Seb Engineering
2016-01-31 14:57 - 2016-02-23 19:40 - 00001038 _____ C:\Users\ES\Desktop\Kochbuch.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kochbuch
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\Program Files\Kochbuch
2016-01-31 14:49 - 2016-02-20 00:02 - 00000000 ____D C:\searchplugins
2016-01-28 09:25 - 2016-01-16 07:35 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 09:25 - 2016-01-16 07:33 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 09:25 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 09:25 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 09:25 - 2016-01-16 07:17 - 01300016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 09:25 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 09:25 - 2016-01-16 07:04 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 09:25 - 2016-01-16 07:03 - 00364168 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 09:25 - 2016-01-16 06:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 09:25 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 09:25 - 2016-01-16 06:35 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 09:25 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 09:25 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 09:25 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 09:25 - 2016-01-16 06:30 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 09:25 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 09:25 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 09:25 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 09:25 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 09:25 - 2016-01-16 06:22 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 09:25 - 2016-01-16 06:22 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 09:25 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 01552896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00176128 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 09:25 - 2016-01-16 06:17 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 09:25 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 09:25 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 09:25 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 09:24 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 09:24 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 09:24 - 2016-01-16 06:31 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 09:24 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 09:24 - 2016-01-16 06:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-25 03:21 - 2016-01-25 03:21 - 00984682 _____ C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 10:13 - 2015-09-06 21:17 - 00001190 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-24 10:12 - 2015-12-10 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-24 10:12 - 2015-10-30 06:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-24 10:10 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-24 09:55 - 2015-12-01 11:12 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-24 09:36 - 2015-09-06 21:17 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-23 20:15 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\rescache
2016-02-23 19:41 - 2016-01-22 18:06 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-02-23 19:41 - 2016-01-17 22:10 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-23 19:41 - 2015-12-10 14:26 - 00001487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-23 19:41 - 2015-09-26 08:22 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-02-23 19:41 - 2015-09-06 21:14 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-23 19:40 - 2016-01-24 00:30 - 00001187 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2016-02-23 19:40 - 2016-01-22 20:04 - 00002413 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-23 19:40 - 2015-11-30 00:00 - 00001640 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 4.0.1.0.lnk
2016-02-23 19:40 - 2015-11-29 18:08 - 00001272 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2016-02-23 19:40 - 2015-11-29 14:07 - 00001051 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-02-23 19:40 - 2015-09-22 13:07 - 00001315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-02-23 19:09 - 2015-09-06 21:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-23 18:26 - 2015-12-03 23:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-23 09:48 - 2015-10-30 06:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-22 22:22 - 2015-11-23 10:20 - 00000000 ____D C:\Users\ES\Desktop\Aktuell
2016-02-22 21:43 - 2015-10-30 06:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 21:41 - 2015-10-30 06:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-22 21:41 - 2015-10-04 09:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-22 21:39 - 2015-09-06 20:34 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-22 11:19 - 2015-10-30 06:47 - 00000000 ____D C:\WINDOWS\INF
2016-02-22 11:13 - 2015-12-10 14:19 - 03095098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-22 11:13 - 2015-12-10 13:56 - 00833460 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-22 11:13 - 2015-12-10 13:56 - 00173692 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00905156 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00199808 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-22 00:45 - 2015-09-06 21:30 - 00000000 ___RD C:\Users\ES\Dropbox
2016-02-22 00:44 - 2015-09-06 21:17 - 00000000 ____D C:\Users\ES\AppData\Local\Dropbox
2016-02-21 23:55 - 2015-12-01 18:24 - 00000000 ____D C:\Users\ES\AppData\Local\CrashDumps
2016-02-19 18:12 - 2015-12-10 14:20 - 00000000 ____D C:\Users\ES
2016-02-19 17:59 - 2015-12-12 22:32 - 00000000 ____D C:\ProgramData\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Users\ES\AppData\Roaming\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Program Files\IObit
2016-02-18 10:05 - 2015-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-02-17 13:11 - 2015-09-22 09:56 - 00000000 ____D C:\Users\ES\AppData\Roaming\MyPhoneExplorer
2016-02-17 07:20 - 2015-09-06 21:17 - 00000000 ____D C:\Program Files\Dropbox
2016-02-12 19:32 - 2016-01-14 14:34 - 00000000 ____D C:\Users\ES\AppData\Local\Adobe
2016-02-12 19:24 - 2015-09-19 20:38 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-12 18:57 - 2016-01-14 01:29 - 00000000 ____D C:\ProgramData\Oracle
2016-02-12 18:56 - 2016-01-14 01:30 - 00000000 ____D C:\Users\ES\.oracle_jre_usage
2016-02-12 18:55 - 2016-01-14 15:28 - 00000000 ____D C:\Program Files\Java
2016-02-11 21:47 - 2015-11-29 14:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 21:43 - 2015-10-30 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:32 - 2015-10-30 06:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 18:32 - 2015-09-06 19:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 18:27 - 2015-09-06 19:39 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 22:23 - 2015-12-05 21:36 - 00000000 ____D C:\Users\ES\Documents\Camtasia Studio
2016-02-04 13:24 - 2015-09-12 17:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-03 20:01 - 2015-10-30 06:49 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-01 13:06 - 2015-11-29 14:03 - 00000000 ____D C:\Users\ES\AppData\Local\Packages
2016-02-01 13:02 - 2015-11-09 16:13 - 00000000 ____D C:\Program Files\QuickTime
2016-02-01 12:58 - 2015-10-30 06:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-01 12:31 - 2016-01-14 14:06 - 00000000 ____D C:\AdwCleaner
2016-01-31 18:54 - 2016-01-23 23:28 - 00000000 ____D C:\Users\ES\AppData\Local\RezeptSuite
2016-01-31 09:52 - 2016-01-22 19:46 - 00000490 __RSH C:\ProgramData\ntuser.pol
2016-01-30 10:11 - 2016-01-18 17:09 - 00000000 ____D C:\Users\ES\Documents\OneNote-Notizbücher
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-29 11:53 - 2015-11-29 14:12 - 00000000 ___RD C:\Users\ES\OneDrive

==================== Files in the root of some directories =======

2016-01-31 20:09 - 2016-02-07 22:10 - 0004608 _____ () C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-22 11:48 - 2016-02-22 11:48 - 0000001 _____ () C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-01-25 03:21 - 2016-01-25 03:21 - 0984682 _____ () C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar
2015-10-11 15:18 - 2015-10-11 15:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-12 22:54 - 2015-12-12 22:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-29 23:59 - 2015-12-21 10:30 - 0019535 _____ () C:\ProgramData\empty.ico
2015-09-22 13:00 - 2015-09-23 23:10 - 0003945 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\ES\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-22 11:30

==================== End of FRST.txt ===========================
         
--- --- ---


And the other file:

Additional FRST Logfile:
scan result of Farbar Recovery Scan Tool (x86) Version:21-02-2016 01
Ran by ES (2016-02-24 10:29:02)
Running from C:\Users\ES\Downloads
Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-10 13:41:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1867245428-2212190316-3825727470-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867245428-2212190316-3825727470-503 - Limited - Disabled)
ES (S-1-5-21-1867245428-2212190316-3825727470-1001 - Administrator - Enabled) => C:\Users\ES
HomeGroupUser$ (S-1-5-21-1867245428-2212190316-3825727470-1002 - Limited - Enabled)
Invitado (S-1-5-21-1867245428-2212190316-3825727470-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1867245428-2212190316-3825727470-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D1500 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Folder Sync addon (HKLM\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ExtremeCopy (HKLM\...\{23D6630B-7538-483B-8B27-6452AE3BA628}) (Version: 1.00.0000 - Easersoft)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HMA! Pro VPN 2.8.24.0 (HKLM\...\HMA! Pro VPN) (Version: 2.8.24.0 - Privax Ltd)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{DB8B599D-2BD5-493C-ABC1-FEE980129D19}) (Version: 13.0 - HP)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{65314850-703E-4544-91CF-CB62131E28D2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.6.4 (HKLM\...\Kochbuch_is1) (Version: 2.6.4 - Flo & Seb Engineering)
Kylook Sync for Outlook Addin 2.4.4 (HKLM\...\{AD0574C4-BDA0-4AF8-BAC6-323BA548B2BB}) (Version: 2.40.4000 - Kylook GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.0.5895 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Panel de control de NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PowerArchiver 2010 (HKLM\...\{F3B19B7C-0125-4044-85D3-D72364295CCA}) (Version: 11.63.12 - ConeXware, Inc.)
Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D3F7F0-6EDC-46F2-BF67-070AD6658F4A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {030E8311-6141-4C18-B3FD-19AA96B3C2F6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {09185214-E58F-49B3-9718-5F5134B978B7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1CEDCEC5-6356-406E-99CA-E43447122DF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {280C32B4-BC64-472E-AA00-8CF96DE49CC2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29E27BA6-040B-4D47-B63B-04A95A0C6774} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DE35621-6141-4B65-9362-A32D4A79D14A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32D1C905-E04C-410D-A5B2-6E0F3FA4AC8F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {34EAE6F1-88B9-447B-B16C-FA4E63C1698E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C23AA26-3AD0-48E8-85A5-A8AB6FF22E15} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {425AF687-7A73-44DD-95C6-A637144EB522} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {509E797C-58E4-4E09-99CF-B2A6E8BBC481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {581B2914-F4CA-4AC4-98FC-F7ED70A4670A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {5CF7FAC9-43FB-4FB9-92B9-9341FBEB9AC0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {67198D53-CB2C-4631-BFC9-699943CE101E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1867245428-2212190316-3825727470-1001
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77B68C8E-3605-44F1-8372-90CD76D0F92D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {798CFD23-77BC-4700-B066-490F17F815D2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {875B83AE-0693-41EB-8395-0A613C3CE67D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88C2375C-CB6B-4372-B744-70414C6CFCF0} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe
Task: {8D0DE38A-BED6-40F4-B286-4BDE2791DDB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8E99770E-AE9E-4601-B306-CC78E1B06CBC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {977FF5F9-441C-4E07-A9CA-8EC870EC09CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {9CB42367-75C8-424A-A3DA-1FF0DA77ECD0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A5C523DF-266B-4C1E-8205-BDCD611FF094} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0537A83-1E7C-4EF0-B82F-5FE949141574} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C9F769-594B-4FD9-B96C-AC8EA6E24473} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {B8F06183-DCBF-4467-B60E-AC1FFCF49EAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0FF4EC1-E798-4159-8C42-932A65791212} - System32\Tasks\{5A1CB7D9-D066-4A98-B74D-617497213FCE} => pcalua.exe -a "C:\Program Files\HMA! Pro VPN\Uninstall.exe"
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7A4106A-E62F-4E87-A966-872B5EC9BD3B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C97824D2-046A-493F-B3B8-1756DC4271DE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CBE0BED0-D424-4316-9DCC-C98D32BC2708} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {D8111B21-A0CB-46BE-8311-587D3FC7D117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D932F5E0-7387-4773-AC5C-A066572FE14B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCDCAD91-FA26-4996-AD8F-89B90F08725B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E5367C37-8B51-48DC-AD07-1D62A0836264} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EF765DB1-B9D5-49A8-9348-5653DCC34A1A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5C22478-EB3C-4C38-BBCA-FDFE7BA609B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 06:44 - 2015-10-30 06:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 14:14 - 2015-10-13 17:47 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-01-22 17:52 - 2016-02-04 05:26 - 00144576 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-23 18:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-23 18:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-23 18:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-21 21:52 - 2016-01-21 21:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 21:07 - 2015-12-07 05:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 21:07 - 2015-12-07 04:57 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 00:31 - 2016-01-05 02:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:31 - 2016-01-05 02:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:25 - 2016-01-16 06:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 09:25 - 2016-01-16 06:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:B66E5745

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-01-15 14:29 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ES\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bg1.png
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN55Q342HP05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Dropbox"
HKLM\...\StartupApproved\Run: => "SDTray"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{878D0376-AAFD-49C5-BCEC-59D536E5D065}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3899561B-70E9-427D-A283-9834889E5260}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CED344FE-6CE7-47BD-84E9-325B2466D1BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{048BDEA8-53E3-47EF-BC37-34EF6B80327F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6A371D0C-A1DA-4157-81E6-8C85C726FD2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EDEB89AC-713F-4ED4-94E3-620D16461B09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD8774A4-6BC9-4855-ACAE-65D0CD175F47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3FBE786-F560-4551-AC41-ACF685C34254}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACEEC36D-96F6-479B-AC38-CE177D246F47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FD39CC7-FD43-46AA-8922-DAA15AD9BE48}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{1DDB82A7-F75B-4884-B2EA-2BF83A085464}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{BD757584-5237-475B-9925-A93728B3FF1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D2690F28-4F27-4642-94FB-56B3CFD24A24}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7F92F5A9-CAAD-47B1-8249-0B018D24C173}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6E8518D4-C330-4461-9861-6114EB2A8624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D1457DF7-2FD9-4F13-A5F3-85044186DC2C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F0C8EDB6-A643-4382-AD38-099E137AEE07}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AA8E40E6-360F-4292-86A9-9B69C6D37540}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B19A5B0D-6F51-474C-B105-CC47D02A40C8}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{EB13E10C-B2E3-49C7-B567-80B702C2C04B}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{398F2915-A41E-4637-BC99-C11EB6FBD58B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FB117515-837D-4265-92B2-40A3B5F8BC8A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0300D242-1824-466E-A199-01C59BDC4843}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{772E0335-9C24-422D-83CD-EF90D00E2A30}] => (Allow) LPort=5357
FirewallRules: [{7AD450D7-7199-4217-A6A2-1E44F20316AE}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{598D8397-D04A-47FD-87C1-19E93532E54A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB8A5DA3-F58E-4E21-9E62-BA6ECD418BCF}] => (Allow) LPort=2869
FirewallRules: [{9B9BC86C-0630-4AF8-9945-8411419E2C2C}] => (Allow) LPort=1900
FirewallRules: [{DD806805-B6D5-4B74-92EC-1425AB8D03F2}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

22-02-2016 00:25:15 Installed Paragon Partition Manager™ 2014 Free.
23-02-2016 10:44:28 Installed ExtremeCopy.
23-02-2016 19:12:30 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2016 07:12:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/23/2016 05:38:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ES-PC)
Description: Das Paket „Microsoft.Windows.Photos_16.201.11370.0_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/23/2016 10:44:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/23/2016 09:47:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ES-PC)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009280. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2016 09:01:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 09:01:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 09:00:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 12:20:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 12:20:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 12:18:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.


System errors:
=============
Error: (02/24/2016 10:13:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/24/2016 10:12:57 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acceso a datos de usuarios_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Almacenamiento de datos de usuarios_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Datos de contactos_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/24/2016 10:11:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sincronizar host_3a828" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/23/2016 07:13:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetMsmqActivator" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetMsmqActivator erreicht.

Error: (02/23/2016 07:10:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetPipeActivator" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


CodeIntegrity:
===================================
  Date: 2016-02-22 23:46:20.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-22 21:40:41.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-22 11:31:23.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-21 01:36:10.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-20 09:48:44.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-20 00:01:52.367
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-20 00:01:52.288
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-11 21:47:04.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 22:24:51.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-09 22:53:09.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 39%
Total physical RAM: 3066.73 MB
Available physical RAM: 1845.13 MB
Total Virtual: 6138.73 MB
Available Virtual: 4806.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:296.16 GB) (Free:179.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.48 GB) (Free:0.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F188FF0C)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=05)
Partition 2: (Active) - (Size=296.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
         
--- --- ---


Alt 24.02.2016, 10:46   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi, you don't need to apologize; those were only pointers, so nobody here is annoyed.


Do you have any further logs (with detections)? Did Malwarebytes and/or other virus scanners ever find anything?

This is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have, in CODE tags!
Only logs from the last 7 days, or from since the problem began, are relevant!

Alt 24.02.2016, 18:21   #7
evapro
 



Hello, thank you very much for the friendly reply. Unfortunately I only have 2 log files left (JRT and ESETS); I deleted the others - idiot! I'm sending them as code again...
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x86 
Ran by ES (Administrator) on 23.02.2016 at 19:12:27,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3 

Failed to delete: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job (Task) 
Successfully deleted: C:\Program Files\lavasoft\web companion (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\POWARC116312-FREE.EXE-003E8BFB.pf (File) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.02.2016 at 19:15:12,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0879b951f8c58c419f1dd4bf286324cb
# end=init
# utc_time=2016-02-23 09:02:30
# local_time=2016-02-23 10:02:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28269
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0879b951f8c58c419f1dd4bf286324cb
# end=updated
# utc_time=2016-02-23 09:46:10
# local_time=2016-02-23 10:46:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0879b951f8c58c419f1dd4bf286324cb
# engine=28269
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-24 12:05:58
# local_time=2016-02-24 01:05:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28011 10092083 0 0
# scanned=237203
# found=12
# cleaned=11
# scan_time=8388
sh=277CF466D8E7EFF1E59552191BB3323E78789E97 ft=1 fh=c71c0011af8bafee vn="Variante von Win32/Adware.Adposhel.A Anwendung" ac=I fn="C:\Users\All Users\f568f502\c826d67a.dll"
sh=84093467014EE5F577456C210D2369735E094E3A ft=1 fh=83f4773317d54569 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1867245428-2212190316-3825727470-1001\$R28VM69.exe"
sh=1715A449C058968BBD7068F64E3AB8F09306FA89 ft=1 fh=7ccbe0befa16063e vn="Variante von MSIL/MyPCBackup.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\OLBPre\OLBPre.exe.vir"
sh=0E523ECC14E218051E63A9D18AA3A75FB228D986 ft=1 fh=1b01a05abcca77ed vn="Variante von Win32/Adware.CouponMarvel.U Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\IIFKWRHK32.dll.vir"
sh=135F3090DDFA1803B25C7CA1B7D70A4657CF5077 ft=1 fh=6778d26e88a364f2 vn="Variante von Win32/Adware.CouponMarvel.Q Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\NSISHelper.dll.vir"
sh=7A25898EBE1DC489752BC615620E64D3D8A0B36E ft=1 fh=4d3c316109d55ce6 vn="Variante von Win32/Adware.CouponMarvel.Q.gen Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\uninstall.exe.vir"
sh=277CF466D8E7EFF1E59552191BB3323E78789E97 ft=1 fh=c71c0011af8bafee vn="Variante von Win32/Adware.Adposhel.A Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\ProgramData\f568f502\c826d67a.dll"
sh=2C04767C4DC7778F8B9CE16359EE3D687FE54E4B ft=1 fh=27646bdbe06902ab vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\AppData\Local\Temp\7zS394E\Optional\HP_IPG_Toolbar_installer.exe"
sh=25EFC5F0778A51028FF49B40816F17F841C166E7 ft=1 fh=b79ba7112d2a946c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\AppData\Local\Temp\DMR\dmr_72.exe"
sh=4CE14671B6635B010E0D497A02272C44B3582263 ft=1 fh=a0ec4620f4486628 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht)" ac=C fn="C:\Users\ES\Downloads\EN4500_198.exe"
sh=1E005B640F0F9B1F5E76097A43288F5450D184D0 ft=1 fh=02992d5159953ad7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\Downloads\ExtremeCopy - CHIP-Installer.exe"
sh=26B9D456E7AE71AB96B83713184D9CCE0CCB7250 ft=1 fh=7f568c6779c14406 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\ES\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
         

Edited by evapro (24.02.2016 at 18:26)

Alt 25.02.2016, 09:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Removing adware/junkware/toolbars

First delete old versions of adwCleaner and, if present, JRT, then download them fresh to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)

__________________
Please always post log files in CODE tags

Alt 25.02.2016, 14:51   #9
evapro
 



Hello, I did everything just as you said. AdwCleaner found nothing, so there was no restart and no log files. The other two are here:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Pro x86 
Ran by ES (Administrator) on 25.02.2016 at 14:41:53,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Failed to delete: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job (Task) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2016 at 14:43:08,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-02-2016
Ran by ES (administrator) on ES-PC (25-02-2016 14:45:45)
Running from C:\Users\ES\Desktop
Loaded Profiles: ES (Available Profiles: ES & UpdatusUser)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14688512 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\WINDOWS\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3531952 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Run: [HP ENVY 4500 series (NET) #2] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{1dc105ae-8e87-4360-af98-5bbd70b5caf2}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{463066ba-d45a-4f4c-8d6d-426a499e0e30}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{4c6fab08-4c81-474e-9dea-1e2ec6279925}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{66490054-2ee0-424b-b4eb-f1c0a080123b}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ES\AppData\Roaming\Mozilla\Firefox\Profiles\yokyqeli.default-1455898717427
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-01-29] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-09-22] [not signed]
FF HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1926896 2016-02-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-16] (Dropbox, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14652704 2013-11-14] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2015-03-17] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [218784 2015-08-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [27464 2013-12-05] (Paragon Software Group)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-12-12] (REALiX(tm))
S3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [24848 2011-05-06] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-10-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [33568 2013-11-14] (NVIDIA Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [26792 2015-12-19] (Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2014-07-30] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 14:45 - 2016-02-25 14:46 - 00013792 _____ C:\Users\ES\Desktop\FRST.txt
2016-02-25 14:44 - 2016-02-25 14:45 - 01722368 _____ (Farbar) C:\Users\ES\Desktop\FRST.exe
2016-02-25 14:41 - 2016-02-25 14:41 - 01609216 _____ (Malwarebytes) C:\Users\ES\Desktop\JRT.exe
2016-02-25 14:31 - 2016-02-25 14:31 - 01511936 _____ C:\Users\ES\Desktop\AdwCleaner_5.036.exe
2016-02-24 23:42 - 2016-02-25 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-24 22:33 - 2016-02-24 22:33 - 00000063 _____ C:\Users\ES\Desktop\ziegelbau.txt
2016-02-24 10:51 - 2016-02-24 10:52 - 00000000 ____D C:\Users\ES\Desktop\Kü
2016-02-24 10:19 - 2016-02-24 10:32 - 201900432 _____ (AVAST Software) C:\Users\ES\Downloads\avast_free_antivirus_setup.exe
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Program Files\ESET
2016-02-23 19:15 - 2016-02-25 14:43 - 00000608 _____ C:\Users\ES\Desktop\JRT.txt
2016-02-23 18:18 - 2016-02-23 19:41 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-23 18:18 - 2016-02-23 18:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2016-02-23 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-23 18:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtremeCopy
2016-02-23 10:45 - 2016-02-23 10:45 - 00000000 ____D C:\Program Files\Easersoft
2016-02-23 01:24 - 2016-02-23 01:24 - 00000017 _____ C:\Users\ES\Desktop\Fehler 0x80070570.txt
2016-02-22 11:48 - 2016-02-22 11:48 - 00000001 _____ C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
2016-02-22 11:48 - 2016-02-22 11:48 - 00000000 ____D C:\Program Files\HDDGURU LLF Tool
2016-02-22 11:11 - 2016-02-22 11:11 - 00042764 ____H C:\WINDOWS\TempFDB.fdb
2016-02-22 11:06 - 2016-02-22 11:07 - 00000000 ____D C:\Program Files\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
2016-02-22 11:06 - 2016-02-22 11:06 - 00000000 ____D C:\ProgramData\ConeXware
2016-02-22 00:26 - 2016-02-22 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2014 Free
2016-02-21 23:52 - 2016-02-21 23:54 - 00000000 ____D C:\Users\ES\Desktop\USB
2016-02-20 10:00 - 2016-02-25 14:45 - 00000000 ____D C:\FRST
2016-02-19 23:15 - 2016-02-19 23:15 - 00000000 ____D C:\Users\ES\AppData\Roaming\dlg
2016-02-19 23:13 - 2016-02-23 19:14 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-19 23:13 - 2016-02-20 00:32 - 00000000 ____D C:\Users\ES\AppData\Roaming\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\Users\ES\AppData\Local\Lavasoft
2016-02-19 23:13 - 2016-02-19 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-19 23:12 - 2016-02-20 00:32 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\launcher
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\formatpart
2016-02-19 18:23 - 2016-02-19 18:23 - 00000000 ____D C:\ProgramData\explauncher
2016-02-19 18:18 - 2016-02-19 18:18 - 00000000 ____D C:\Program Files\Paragon Software
2016-02-19 16:22 - 2016-02-24 01:03 - 00000000 ____D C:\ProgramData\f568f502
2016-02-19 16:21 - 2013-12-05 13:34 - 00027464 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2016-02-17 07:20 - 2016-02-17 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-14 01:40 - 2016-02-14 01:40 - 00000228 _____ C:\Users\ES\Desktop\neu mix.txt
2016-02-13 12:48 - 2016-02-13 12:48 - 00002373 _____ C:\Users\ES\Desktop\kü.txt
2016-02-12 19:34 - 2016-02-12 19:34 - 00000000 ____D C:\Users\ES\AppData\Roaming\NVIDIA
2016-02-12 19:32 - 2016-02-25 14:14 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-12 18:57 - 2016-02-12 18:57 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-12 18:56 - 2016-02-12 18:56 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-02-12 18:56 - 2016-02-12 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 18:13 - 2016-01-29 07:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 05798240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 18:13 - 2016-01-27 07:15 - 01560848 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 18:13 - 2016-01-27 07:15 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 18:13 - 2016-01-27 07:12 - 00279376 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 18:13 - 2016-01-27 06:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 18:13 - 2016-01-27 06:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 18:13 - 2016-01-27 06:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 18:13 - 2016-01-27 06:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 18:13 - 2016-01-27 06:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 18:13 - 2016-01-27 06:47 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 18:13 - 2016-01-27 06:47 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 18:13 - 2016-01-27 06:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 18:13 - 2016-01-27 06:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 18:13 - 2016-01-27 06:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 18:13 - 2016-01-27 06:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 18:13 - 2016-01-27 06:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 18:13 - 2016-01-27 06:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 18:13 - 2016-01-27 06:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 18:13 - 2016-01-27 06:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 18:13 - 2016-01-27 06:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 18:13 - 2016-01-27 06:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 18:13 - 2016-01-27 05:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 18:13 - 2016-01-27 05:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 18:13 - 2016-01-27 05:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 18:13 - 2016-01-27 05:52 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 18:13 - 2016-01-27 05:51 - 01903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 18:13 - 2016-01-27 05:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 18:13 - 2016-01-27 05:49 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 18:13 - 2016-01-27 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-05 13:24 - 2016-02-05 13:24 - 00051480 _____ C:\Users\ES\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 10:17 - 2016-02-01 10:57 - 00000000 ____D C:\Users\ES\Documents\My Music
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\Public\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\Users\ES\Documents\TuneClone
2016-02-01 10:17 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TuneClone
2016-01-31 23:42 - 2016-01-31 23:42 - 00000000 ____D C:\Users\ES\AppData\Local\Apple Computer
2016-01-31 23:38 - 2016-02-01 13:00 - 00000000 ____D C:\Users\ES\AppData\Roaming\Anvsoft
2016-01-31 23:38 - 2016-01-31 23:38 - 00000000 ____D C:\Users\ES\Documents\Any Audio Converter
2016-01-31 23:05 - 2016-02-01 09:52 - 00000000 ____D C:\Users\ES\AppData\Roaming\Apple Computer
2016-01-31 23:02 - 2016-01-31 23:02 - 00000000 ____D C:\Users\ES\AppData\Local\Apple
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\Users\ES\AppData\LocalLow\Apple Computer
2016-01-31 23:01 - 2016-01-31 23:01 - 00000000 ____D C:\ProgramData\Apple
2016-01-31 22:31 - 2016-02-01 10:17 - 00000000 ____D C:\ProgramData\TEMP
2016-01-31 22:30 - 2011-05-06 23:29 - 00024848 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\lmvac.sys
2016-01-31 20:09 - 2016-02-07 22:10 - 00004608 _____ C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-31 18:57 - 2016-01-31 18:59 - 00000000 ____D C:\Users\ES\Documents\PA
2016-01-31 16:50 - 2016-01-31 16:50 - 00000000 ____D C:\Users\ES\AppData\Local\ElevatedDiagnostics
2016-01-31 14:58 - 2016-01-31 14:58 - 00000000 ____D C:\Users\ES\AppData\Roaming\Flo & Seb Engineering
2016-01-31 14:57 - 2016-02-23 19:40 - 00001038 _____ C:\Users\ES\Desktop\Kochbuch.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kochbuch
2016-01-31 14:57 - 2016-01-31 14:57 - 00000000 ____D C:\Program Files\Kochbuch
2016-01-31 14:49 - 2016-02-20 00:02 - 00000000 ____D C:\searchplugins
2016-01-28 09:25 - 2016-01-16 07:35 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 09:25 - 2016-01-16 07:35 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 09:25 - 2016-01-16 07:33 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 09:25 - 2016-01-16 07:20 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 09:25 - 2016-01-16 07:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 09:25 - 2016-01-16 07:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 09:25 - 2016-01-16 07:17 - 01300016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 09:25 - 2016-01-16 07:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 09:25 - 2016-01-16 07:04 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 09:25 - 2016-01-16 07:03 - 00364168 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 09:25 - 2016-01-16 06:37 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 09:25 - 2016-01-16 06:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 09:25 - 2016-01-16 06:35 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 09:25 - 2016-01-16 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 09:25 - 2016-01-16 06:32 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 09:25 - 2016-01-16 06:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 09:25 - 2016-01-16 06:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 09:25 - 2016-01-16 06:30 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 09:25 - 2016-01-16 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 09:25 - 2016-01-16 06:29 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 09:25 - 2016-01-16 06:28 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 09:25 - 2016-01-16 06:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 09:25 - 2016-01-16 06:27 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 09:25 - 2016-01-16 06:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 09:25 - 2016-01-16 06:25 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 09:25 - 2016-01-16 06:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 09:25 - 2016-01-16 06:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 09:25 - 2016-01-16 06:23 - 00608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 09:25 - 2016-01-16 06:22 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 09:25 - 2016-01-16 06:22 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 09:25 - 2016-01-16 06:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 09:25 - 2016-01-16 06:20 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 01552896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00176128 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 09:25 - 2016-01-16 06:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 09:25 - 2016-01-16 06:17 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 09:25 - 2016-01-16 06:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 09:25 - 2016-01-16 06:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 09:25 - 2016-01-16 06:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 09:25 - 2016-01-16 06:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 09:24 - 2016-01-16 06:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 09:24 - 2016-01-16 06:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 09:24 - 2016-01-16 06:34 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 09:24 - 2016-01-16 06:31 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 09:24 - 2016-01-16 06:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 09:24 - 2016-01-16 06:28 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-25 14:39 - 2016-01-14 14:06 - 00000000 ____D C:\AdwCleaner
2016-02-25 14:36 - 2015-09-06 21:17 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-25 14:29 - 2015-12-10 14:20 - 00000000 ____D C:\Users\ES
2016-02-25 13:49 - 2015-09-06 21:17 - 00001190 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-25 08:14 - 2015-09-06 21:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-24 22:34 - 2015-12-10 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-24 22:33 - 2015-10-30 06:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-24 10:12 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppCompat
2016-02-24 10:10 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-24 09:55 - 2015-12-01 11:12 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 20:15 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\rescache
2016-02-23 19:41 - 2016-01-22 18:06 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-02-23 19:41 - 2016-01-17 22:10 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-23 19:41 - 2015-12-10 14:26 - 00001487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-23 19:41 - 2015-09-26 08:22 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-02-23 19:41 - 2015-09-06 21:14 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-23 19:40 - 2016-01-24 00:30 - 00001187 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2016-02-23 19:40 - 2016-01-22 20:04 - 00002413 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-23 19:40 - 2015-11-30 00:00 - 00001640 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Windows Tweaker 4.0.1.0.lnk
2016-02-23 19:40 - 2015-11-29 18:08 - 00001272 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2016-02-23 19:40 - 2015-11-29 14:07 - 00001051 _____ C:\Users\ES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2016-02-23 19:40 - 2015-09-22 13:07 - 00001315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-02-23 18:26 - 2015-12-03 23:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-23 09:48 - 2015-10-30 06:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-22 22:22 - 2015-11-23 10:20 - 00000000 ____D C:\Users\ES\Desktop\Aktuell
2016-02-22 21:43 - 2015-10-30 06:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 21:41 - 2015-10-30 06:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-22 21:41 - 2015-10-04 09:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-22 21:39 - 2015-09-06 20:34 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-22 11:19 - 2015-10-30 06:47 - 00000000 ____D C:\WINDOWS\INF
2016-02-22 11:13 - 2015-12-10 14:19 - 03095098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-22 11:13 - 2015-12-10 13:56 - 00833460 _____ C:\WINDOWS\system32\perfh007.dat
2016-02-22 11:13 - 2015-12-10 13:56 - 00173692 _____ C:\WINDOWS\system32\perfc007.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00905156 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-22 11:13 - 2015-10-30 16:07 - 00199808 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-22 00:45 - 2015-09-06 21:30 - 00000000 ___RD C:\Users\ES\Dropbox
2016-02-22 00:44 - 2015-09-06 21:17 - 00000000 ____D C:\Users\ES\AppData\Local\Dropbox
2016-02-21 23:55 - 2015-12-01 18:24 - 00000000 ____D C:\Users\ES\AppData\Local\CrashDumps
2016-02-19 17:59 - 2015-12-12 22:32 - 00000000 ____D C:\ProgramData\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Users\ES\AppData\Roaming\IObit
2016-02-19 17:59 - 2015-12-12 22:31 - 00000000 ____D C:\Program Files\IObit
2016-02-18 10:05 - 2015-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-02-17 13:11 - 2015-09-22 09:56 - 00000000 ____D C:\Users\ES\AppData\Roaming\MyPhoneExplorer
2016-02-17 07:20 - 2015-09-06 21:17 - 00000000 ____D C:\Program Files\Dropbox
2016-02-12 19:32 - 2016-01-14 14:34 - 00000000 ____D C:\Users\ES\AppData\Local\Adobe
2016-02-12 19:24 - 2015-09-19 20:38 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-12 18:57 - 2016-01-14 01:29 - 00000000 ____D C:\ProgramData\Oracle
2016-02-12 18:56 - 2016-01-14 01:30 - 00000000 ____D C:\Users\ES\.oracle_jre_usage
2016-02-12 18:55 - 2016-01-14 15:28 - 00000000 ____D C:\Program Files\Java
2016-02-11 21:47 - 2015-11-29 14:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 21:43 - 2015-10-30 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:32 - 2015-10-30 06:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 18:32 - 2015-09-06 19:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 18:27 - 2015-09-06 19:39 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 22:23 - 2015-12-05 21:36 - 00000000 ____D C:\Users\ES\Documents\Camtasia Studio
2016-02-04 13:24 - 2015-09-12 17:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-03 20:01 - 2015-10-30 06:49 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-03 20:01 - 2015-10-30 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-01 13:06 - 2015-11-29 14:03 - 00000000 ____D C:\Users\ES\AppData\Local\Packages
2016-02-01 13:02 - 2015-11-09 16:13 - 00000000 ____D C:\Program Files\QuickTime
2016-02-01 12:58 - 2015-10-30 06:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-31 18:54 - 2016-01-23 23:28 - 00000000 ____D C:\Users\ES\AppData\Local\RezeptSuite
2016-01-31 09:52 - 2016-01-22 19:46 - 00000490 __RSH C:\ProgramData\ntuser.pol
2016-01-30 10:11 - 2016-01-18 17:09 - 00000000 ____D C:\Users\ES\Documents\OneNote-Notizbücher
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 23:48 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 23:47 - 2015-10-30 06:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-29 11:53 - 2015-11-29 14:12 - 00000000 ___RD C:\Users\ES\OneDrive

==================== Files in the root of some directories =======

2016-01-31 20:09 - 2016-02-07 22:10 - 0004608 _____ () C:\Users\ES\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-22 11:48 - 2016-02-22 11:48 - 0000001 _____ () C:\Users\ES\AppData\Local\llftool.4.40.agreement
2016-01-25 03:21 - 2016-01-25 03:21 - 0984682 _____ () C:\Users\ES\AppData\Local\M4P-to-MP3-Converter_653.rar
2015-10-11 15:18 - 2015-10-11 15:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-12 22:54 - 2015-12-12 22:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-29 23:59 - 2015-12-21 10:30 - 0019535 _____ () C:\ProgramData\empty.ico
2015-09-22 13:00 - 2015-09-23 23:10 - 0003945 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-22 11:30

==================== End of FRST.txt ============================
         


Additional FRST Logfile:
scan result of Farbar Recovery Scan Tool (x86) Version:24-02-2016
Ran by ES (2016-02-25 14:46:57)
Running from C:\Users\ES\Desktop
Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-10 13:41:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1867245428-2212190316-3825727470-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867245428-2212190316-3825727470-503 - Limited - Disabled)
ES (S-1-5-21-1867245428-2212190316-3825727470-1001 - Administrator - Enabled) => C:\Users\ES
HomeGroupUser$ (S-1-5-21-1867245428-2212190316-3825727470-1002 - Limited - Enabled)
Invitado (S-1-5-21-1867245428-2212190316-3825727470-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1867245428-2212190316-3825727470-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D1500 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Folder Sync addon (HKLM\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep)
Dropbox Update Helper (Version: 1.3.27.77 - Dropbox, Inc.) Hidden
ExtremeCopy (HKLM\...\{23D6630B-7538-483B-8B27-6452AE3BA628}) (Version: 1.00.0000 - Easersoft)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HMA! Pro VPN 2.8.24.0 (HKLM\...\HMA! Pro VPN) (Version: 2.8.24.0 - Privax Ltd)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{DB8B599D-2BD5-493C-ABC1-FEE980129D19}) (Version: 13.0 - HP)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{65314850-703E-4544-91CF-CB62131E28D2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.6.4 (HKLM\...\Kochbuch_is1) (Version: 2.6.4 - Flo & Seb Engineering)
Kylook Sync for Outlook Addin 2.4.4 (HKLM\...\{AD0574C4-BDA0-4AF8-BAC6-323BA548B2BB}) (Version: 2.40.4000 - Kylook GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 de) (HKLM\...\Mozilla Firefox 45.0 (x86 de)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.0.5897 - Mozilla)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Panel de control de NVIDIA 341.92 (Version: 341.92 - NVIDIA Corporation) Hidden
Paragon Partition Manager™ 2014 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PowerArchiver 2010 (HKLM\...\{F3B19B7C-0125-4044-85D3-D72364295CCA}) (Version: 11.63.12 - ConeXware, Inc.)
Q-plus Bridge 10 (HKLM\...\Q-plus Bridge 10) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D3F7F0-6EDC-46F2-BF67-070AD6658F4A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {030E8311-6141-4C18-B3FD-19AA96B3C2F6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {09185214-E58F-49B3-9718-5F5134B978B7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1CEDCEC5-6356-406E-99CA-E43447122DF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {280C32B4-BC64-472E-AA00-8CF96DE49CC2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29E27BA6-040B-4D47-B63B-04A95A0C6774} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DE35621-6141-4B65-9362-A32D4A79D14A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32D1C905-E04C-410D-A5B2-6E0F3FA4AC8F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {34EAE6F1-88B9-447B-B16C-FA4E63C1698E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {425AF687-7A73-44DD-95C6-A637144EB522} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {509E797C-58E4-4E09-99CF-B2A6E8BBC481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {581B2914-F4CA-4AC4-98FC-F7ED70A4670A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {5CF7FAC9-43FB-4FB9-92B9-9341FBEB9AC0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {67198D53-CB2C-4631-BFC9-699943CE101E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1867245428-2212190316-3825727470-1001
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77B68C8E-3605-44F1-8372-90CD76D0F92D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {798CFD23-77BC-4700-B066-490F17F815D2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {875B83AE-0693-41EB-8395-0A613C3CE67D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88C2375C-CB6B-4372-B744-70414C6CFCF0} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe
Task: {8D0DE38A-BED6-40F4-B286-4BDE2791DDB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8E99770E-AE9E-4601-B306-CC78E1B06CBC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {977FF5F9-441C-4E07-A9CA-8EC870EC09CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {9CB42367-75C8-424A-A3DA-1FF0DA77ECD0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A5C523DF-266B-4C1E-8205-BDCD611FF094} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0537A83-1E7C-4EF0-B82F-5FE949141574} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C9F769-594B-4FD9-B96C-AC8EA6E24473} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {B8F06183-DCBF-4467-B60E-AC1FFCF49EAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0FF4EC1-E798-4159-8C42-932A65791212} - System32\Tasks\{5A1CB7D9-D066-4A98-B74D-617497213FCE} => pcalua.exe -a "C:\Program Files\HMA! Pro VPN\Uninstall.exe"
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7A4106A-E62F-4E87-A966-872B5EC9BD3B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C97824D2-046A-493F-B3B8-1756DC4271DE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CA3B8A64-B426-4277-8968-3E11E7379918} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {CBE0BED0-D424-4316-9DCC-C98D32BC2708} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-01-16] (Dropbox, Inc.)
Task: {D8111B21-A0CB-46BE-8311-587D3FC7D117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D932F5E0-7387-4773-AC5C-A066572FE14B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCDCAD91-FA26-4996-AD8F-89B90F08725B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E5367C37-8B51-48DC-AD07-1D62A0836264} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EF765DB1-B9D5-49A8-9348-5653DCC34A1A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5C22478-EB3C-4C38-BBCA-FDFE7BA609B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-22 17:52 - 2016-02-04 05:26 - 00144576 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-23 18:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-23 18:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-23 18:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-23 18:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-30 06:44 - 2015-10-30 06:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-10 14:01 - 2015-12-10 14:01 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-21 21:52 - 2016-01-21 21:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 21:52 - 2016-01-21 21:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-13 00:31 - 2016-01-05 02:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:31 - 2016-01-05 02:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:25 - 2016-01-16 06:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 09:25 - 2016-01-16 06:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 21:07 - 2015-12-07 05:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 21:07 - 2015-12-07 04:57 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-10 14:14 - 2015-10-13 17:47 - 00113840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:B66E5745

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-01-15 14:29 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ES\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bg1.png
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN55Q342HP05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Dropbox"
HKLM\...\StartupApproved\Run: => "SDTray"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{878D0376-AAFD-49C5-BCEC-59D536E5D065}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3899561B-70E9-427D-A283-9834889E5260}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CED344FE-6CE7-47BD-84E9-325B2466D1BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{048BDEA8-53E3-47EF-BC37-34EF6B80327F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6A371D0C-A1DA-4157-81E6-8C85C726FD2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EDEB89AC-713F-4ED4-94E3-620D16461B09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD8774A4-6BC9-4855-ACAE-65D0CD175F47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3FBE786-F560-4551-AC41-ACF685C34254}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACEEC36D-96F6-479B-AC38-CE177D246F47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8FD39CC7-FD43-46AA-8922-DAA15AD9BE48}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{1DDB82A7-F75B-4884-B2EA-2BF83A085464}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{BD757584-5237-475B-9925-A93728B3FF1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D2690F28-4F27-4642-94FB-56B3CFD24A24}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7F92F5A9-CAAD-47B1-8249-0B018D24C173}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6E8518D4-C330-4461-9861-6114EB2A8624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D1457DF7-2FD9-4F13-A5F3-85044186DC2C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F0C8EDB6-A643-4382-AD38-099E137AEE07}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AA8E40E6-360F-4292-86A9-9B69C6D37540}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B19A5B0D-6F51-474C-B105-CC47D02A40C8}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{EB13E10C-B2E3-49C7-B567-80B702C2C04B}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{398F2915-A41E-4637-BC99-C11EB6FBD58B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FB117515-837D-4265-92B2-40A3B5F8BC8A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0300D242-1824-466E-A199-01C59BDC4843}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{772E0335-9C24-422D-83CD-EF90D00E2A30}] => (Allow) LPort=5357
FirewallRules: [{7AD450D7-7199-4217-A6A2-1E44F20316AE}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{598D8397-D04A-47FD-87C1-19E93532E54A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB8A5DA3-F58E-4E21-9E62-BA6ECD418BCF}] => (Allow) LPort=2869
FirewallRules: [{9B9BC86C-0630-4AF8-9945-8411419E2C2C}] => (Allow) LPort=1900
FirewallRules: [{DD806805-B6D5-4B74-92EC-1425AB8D03F2}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

22-02-2016 00:25:15 Installed Paragon Partition Manager™ 2014 Free.
23-02-2016 10:44:28 Installed ExtremeCopy.
23-02-2016 19:12:30 JRT Pre-Junkware Removal
25-02-2016 14:41:57 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2016 02:42:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/23/2016 07:12:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/23/2016 05:38:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ES-PC)
Description: Das Paket „Microsoft.Windows.Photos_16.201.11370.0_x86__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/23/2016 10:44:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/23/2016 09:47:00 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ES-PC)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009280. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/22/2016 09:01:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 09:01:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 09:00:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 12:20:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/22/2016 12:20:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.


System errors:
=============
Error: (02/25/2016 02:42:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/25/2016 09:21:08 AM) (Source: DCOM) (EventID: 10010) (User: ES-PC)
Description: {B77A52D0-4A37-49AF-B6B1-549AA88C686A}

Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acceso a datos de usuarios_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Almacenamiento de datos de usuarios_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Datos de contactos_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/25/2016 09:21:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sincronizar host_8540f4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Acceso a datos de usuarios_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Almacenamiento de datos de usuarios_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Datos de contactos_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.

Error: (02/25/2016 12:52:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sincronizar host_3abb0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Reiniciar el servicio.


CodeIntegrity:
===================================
  Date: 2016-02-22 23:46:20.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-22 21:40:41.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-22 11:31:23.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-21 01:36:10.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-20 09:48:44.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-20 00:01:52.367
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-20 00:01:52.288
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-11 21:47:04.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 22:24:51.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-09 22:53:09.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 34%
Total physical RAM: 3066.73 MB
Available physical RAM: 2007.11 MB
Total Virtual: 6138.73 MB
Available Virtual: 5002.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:296.16 GB) (Free:179.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.48 GB) (Free:0.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F188FF0C)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=05)
Partition 2: (Active) - (Size=296.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
         
--- --- ---

25.02.2016, 15:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

FRST-Fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job
C:\ProgramData\f568f502
C:\ProgramData\Service0561
C:\PROGRA~1\FAST-S~1
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

25.02.2016, 19:11   #11
evapro

Hello,
here is the result:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x86) Version:24-02-2016
Ran by ES (2016-02-25 19:05:36) Run:1
Running from C:\Users\ES\Desktop
Loaded Profiles: ES (Available Profiles: ES & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Des%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FyBtA0ByDtB0E0CyEyE0BtDtDtN0D0Tzu0StCyEyByDtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0E0DtDtCzzyD0DtGtDyBtByBtGtD0F0AtCtGyCyD0DyDtG0AyC0D0DyE0EtByC0B0AyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szzzy0Fzz0CtD0FtCtGtDyByDtBtGyEyDtAtAtGzy0AtAyCtGyE0EyEzz0CtA0CtAtDtDtCyB2QtN0A0LzutB%26cr%3D482734453%26a%3Dwbf_beri_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1867245428-2212190316-3825727470-1001 -> DefaultScope {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
Task: {04E321E3-0141-4CAE-8219-997C219B497E} - System32\Tasks\gte3014 => C:\PROGRA~1\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {05ABFBE0-9AC1-4323-A66F-70EC31F6D35A} - \RCMCAIDBF1 -> No File <==== ATTENTION
Task: {18739273-EC5A-4463-A50E-00150ED9CBBD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {453038AD-0B4A-4B86-B099-3C505CD5511E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BBC85C1-A5C1-4027-8B19-1BD45D1371E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5D121365-AE81-448B-911D-B5D714D702E0} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {6EF945AC-3DEC-4A1E-8FED-D942312EDFB9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8576A135-928A-46CA-9E0D-DDCA26E330FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E2D6B22-692C-4E23-99E2-F7B3ABAF241C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F37512F-D003-4B0D-9716-F4EFCE8DB13F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C321E8A1-2648-4194-860B-9FB332FE9232} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E98CF94E-9AA0-400E-9694-303504958AA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job
C:\ProgramData\f568f502
C:\ProgramData\Service0561
C:\PROGRA~1\FAST-S~1
emptytemp:
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => value removed successfully.
"HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1867245428-2212190316-3825727470-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04E321E3-0141-4CAE-8219-997C219B497E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E321E3-0141-4CAE-8219-997C219B497E}" => key removed successfully.
C:\Windows\System32\Tasks\gte3014 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gte3014" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05ABFBE0-9AC1-4323-A66F-70EC31F6D35A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05ABFBE0-9AC1-4323-A66F-70EC31F6D35A}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RCMCAIDBF1 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18739273-EC5A-4463-A50E-00150ED9CBBD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18739273-EC5A-4463-A50E-00150ED9CBBD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4B04BA-8A3A-4E99-A340-D2DBE0B8554B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{453038AD-0B4A-4B86-B099-3C505CD5511E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{453038AD-0B4A-4B86-B099-3C505CD5511E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BBC85C1-A5C1-4027-8B19-1BD45D1371E6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BBC85C1-A5C1-4027-8B19-1BD45D1371E6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D121365-AE81-448B-911D-B5D714D702E0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D121365-AE81-448B-911D-B5D714D702E0}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EF945AC-3DEC-4A1E-8FED-D942312EDFB9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF945AC-3DEC-4A1E-8FED-D942312EDFB9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8576A135-928A-46CA-9E0D-DDCA26E330FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8576A135-928A-46CA-9E0D-DDCA26E330FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E2D6B22-692C-4E23-99E2-F7B3ABAF241C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E2D6B22-692C-4E23-99E2-F7B3ABAF241C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F37512F-D003-4B0D-9716-F4EFCE8DB13F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F37512F-D003-4B0D-9716-F4EFCE8DB13F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9B26F89-8F85-4C5E-ADB8-A37DC33C59DE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C321E8A1-2648-4194-860B-9FB332FE9232}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C321E8A1-2648-4194-860B-9FB332FE9232}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E98CF94E-9AA0-400E-9694-303504958AA2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E98CF94E-9AA0-400E-9694-303504958AA2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job => moved successfully
"C:\WINDOWS\Tasks\CQJOMPWUJPWVKXUA.job" => not found.
C:\ProgramData\f568f502 => moved successfully
"C:\ProgramData\Service0561" => not found.
"C:\PROGRA~1\FAST-S~1" => not found.
EmptyTemp: => 956.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:06:51 ====
         

25.02.2016, 22:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Okay, then control scans with MBAM and SC please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.



Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Please always post log files in CODE tags

26.02.2016, 10:33   #13
evapro

Hello,
here are the results from mbam and security check:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 26.02.2016
Suchlaufzeit: 10:13
Protokolldatei: mbm.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.02.26.03
Rootkit-Datenbank: v2016.02.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x86
Dateisystem: NTFS
Benutzer: ES

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387167
Abgelaufene Zeit: 15 Min., 5 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Code:
 Results of screen317's Security Check version 1.009  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 8 Update 73  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	20.0.0.306  
 Mozilla Firefox (45.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
         

26.02.2016, 10:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Spybot - Search & Destroy
Java 8 Update 73
Java version 32-bit out of Date!
Adobe Flash Player 10 Flash Player out of Date!

Uninstall

1. Spybot is ineffective junk
2. Java is only needed in special cases nowadays, I think minecraft (?) needs it
3. Flash Player 10, what on earth is that doing there???

Quote:
Mozilla Firefox (45.0)

Where did you get that one from? Beta version?

26.02.2016, 11:15   #15
evapro

Hello, I will uninstall spybot right away. I was talked into believing Java was necessary in the course of website design, and I always get the Flash Player from the Adobe site.
I am also afraid that my external drives may be infected. One USB stick cannot be written to for the life of me; an external hard drive from Toshiba seems to be okay. Can I run a virus scan on those as well?
Kind regards, evapro

Addendum: all 3 uninstalled!

Edited by evapro (26.02.2016 at 11:59)
